Windows Analysis Report
GHXsFkoroU.exe

Overview

General Information

Sample name: GHXsFkoroU.exe (renamed because original name is a hash value)
Original sample name: 2e0d4188fa62f1816c960adcf5be1a01.exe
Analysis ID: 1581623
MD5: 2e0d4188fa62f1816c960adcf5be1a01
SHA1: cba704aa98f11b19ff969d5aa17513ff9642e952
SHA256: 877c22851b1c18c92c6458beb834e05fa15e088fc9ef88a59122d2e8d51a0b49
Tags: exe, user-abuse_ch
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • GHXsFkoroU.exe (PID: 4320 cmdline: "C:\Users\user\Desktop\GHXsFkoroU.exe" MD5: 2E0D4188FA62F1816C960ADCF5BE1A01)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["cashfuzysao.buzz", "scentniej.buzz", "inherineau.buzz", "prisonyfork.buzz", "mindhandru.buzz", "appliacnesot.buzz", "hummskitnj.buzz", "rebuildeso.buzz", "screwamusresz.buzz"], "Build id": "PsFKDg--pablo"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-28T10:02:59.054261+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP
2024-12-28T10:03:01.492825+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP
2024-12-28T10:03:03.126670+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49706 | 104.21.66.86 | 443 | TCP
2024-12-28T10:03:02.228700+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP
2024-12-28T10:03:02.228700+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP
2024-12-28T10:02:56.737496+0100 | 2058572 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 63932 | 1.1.1.1 | 53 | UDP
2024-12-28T10:02:56.974964+0100 | 2058576 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 61648 | 1.1.1.1 | 53 | UDP
2024-12-28T10:02:57.199387+0100 | 2058578 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 61002 | 1.1.1.1 | 53 | UDP
2024-12-28T10:02:56.115995+0100 | 2058580 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 62645 | 1.1.1.1 | 53 | UDP
2024-12-28T10:02:55.125280+0100 | 2058582 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 54452 | 1.1.1.1 | 53 | UDP
2024-12-28T10:02:55.411662+0100 | 2058584 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 58333 | 1.1.1.1 | 53 | UDP
2024-12-28T10:02:55.640280+0100 | 2058586 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 57607 | 1.1.1.1 | 53 | UDP
2024-12-28T10:02:55.874572+0100 | 2058588 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 55503 | 1.1.1.1 | 53 | UDP
2024-12-28T10:02:56.515653+0100 | 2058590 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 58258 | 1.1.1.1 | 53 | UDP
2024-12-28T10:02:59.849437+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP

      AV Detection

      Source: GHXsFkoroU.exe, Avira: detected
      Source: https://lev-tolstoi.com/f, Avira URL Cloud: Label: malware
      Source: https://lev-tolstoi.com/l1, Avira URL Cloud: Label: malware
      Source: https://lev-tolstoi.com/.valvea, Avira URL Cloud: Label: malware
      Source: https://lev-tolstoi.com/api-, Avira URL Cloud: Label: malware
      Source: GHXsFkoroU.exe.4320.0.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": ["cashfuzysao.buzz", "scentniej.buzz", "inherineau.buzz", "prisonyfork.buzz", "mindhandru.buzz", "appliacnesot.buzz", "hummskitnj.buzz", "rebuildeso.buzz", "screwamusresz.buzz"], "Build id": "PsFKDg--pablo"}
      Source: GHXsFkoroU.exe, ReversingLabs: Detection: 60%
      Source: GHXsFkoroU.exe, Virustotal: Detection: 55%
      Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
      Source: GHXsFkoroU.exe, Joe Sandbox ML: detected
      Source: 00000000.00000003.2047892307.00000000052A0000.00000004.00001000.00020000.00000000.sdmp, String decryptor output (one decrypted string per line):
        hummskitnj.buzz
        cashfuzysao.buzz
        appliacnesot.buzz
        screwamusresz.buzz
        inherineau.buzz
        scentniej.buzz
        rebuildeso.buzz
        prisonyfork.buzz
        mindhandru.buzz
        lid=%s&j=%s&ver=4.0
        TeslaBrowser/5.5
        - Screen Resoluton:
        - Physical Installed Memory:
        Workgroup: -
        PsFKDg--pablo
      Source: GHXsFkoroU.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: unknown, HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49704 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49705 version: TLS 1.2

      Networking

      Source: Network traffic, Suricata IDS: 2058580 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) : 192.168.2.5:62645 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2058572 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) : 192.168.2.5:63932 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2058584 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) : 192.168.2.5:58333 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2058582 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mindhandru .buzz) : 192.168.2.5:54452 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2058576 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) : 192.168.2.5:61648 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2058590 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) : 192.168.2.5:58258 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2058588 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) : 192.168.2.5:55503 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2058586 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) : 192.168.2.5:57607 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2058578 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) : 192.168.2.5:61002 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49704 -> 23.55.153.106:443
      Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49705 -> 104.21.66.86:443
      Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 104.21.66.86:443
      Source: Joe Sandbox View, IP Address: 104.21.66.86
      Source: Joe Sandbox View, IP Address: 23.55.153.106
      Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 104.21.66.86:443
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 104.21.66.86:443
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 23.55.153.106:443
      Source: global traffic, HTTP traffic detected:
        GET /profiles/76561199724331900 HTTP/1.1
        Connection: Keep-Alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Host: steamcommunity.com
      Source: global traffic, HTTP traffic detected:
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: lev-tolstoi.com
      Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic, DNS traffic detected: DNS query: mindhandru.buzz
      Source: global traffic, DNS traffic detected: DNS query: prisonyfork.buzz
      Source: global traffic, DNS traffic detected: DNS query: rebuildeso.buzz
      Source: global traffic, DNS traffic detected: DNS query: scentniej.buzz
      Source: global traffic, DNS traffic detected: DNS query: inherineau.buzz
      Source: global traffic, DNS traffic detected: DNS query: screwamusresz.buzz
      Source: global traffic, DNS traffic detected: DNS query: appliacnesot.buzz
      Source: global traffic, DNS traffic detected: DNS query: cashfuzysao.buzz
      Source: global traffic, DNS traffic detected: DNS query: hummskitnj.buzz
      Source: global traffic, DNS traffic detected: DNS query: steamcommunity.com
      Source: global traffic, DNS traffic detected: DNS query: lev-tolstoi.com
      Source: unknown, HTTP traffic detected:
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: lev-tolstoi.com
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
      Source: GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
      Source: GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121400725.0000000001449000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121400725.0000000001449000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121400725.0000000001449000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
      Source: GHXsFkoroU.exe, 00000000.00000003.2121400725.0000000001449000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121400725.0000000001449000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=FRRi
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
      Source: GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
      Source: GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
      Source: GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&l=e
      Source: GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
      Source: GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
      Source: GHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
      Source: GHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
      Source: GHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
      Source: GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
      Source: GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/jav
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
      Source: GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampo
      Source: GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
      Source: GHXsFkoroU.exe, 00000000.00000003.2121400725.0000000001455000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/.valvea
      Source: GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001452000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001451000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api
      Source: GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api-
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/f
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/l1
      Source: GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001432000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2135887360.0000000001432000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowereV
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vi
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
      Source: GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
      Source: GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
      Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
      Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
      Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
      Source: unknown HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49704 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49705 version: TLS 1.2

      System Summary

      Source: GHXsFkoroU.exe Static PE information: section name:
      Source: GHXsFkoroU.exe Static PE information: section name: .idata
      Source: GHXsFkoroU.exe Static PE information: section name:
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0088899E0_2_0088899E
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007D495C0_2_007D495C
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0086C9AC0_2_0086C9AC
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007F894D0_2_007F894D
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007DE93B0_2_007DE93B
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008849D00_2_008849D0
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007369100_2_00736910
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007A89130_2_007A8913
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008809090_2_00880909
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007989FC0_2_007989FC
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0079A9EB0_2_0079A9EB
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007509E00_2_007509E0
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008069150_2_00806915
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0073C9EB0_2_0073C9EB
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007EA9C20_2_007EA9C2
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007CE9AF0_2_007CE9AF
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0077C9AA0_2_0077C9AA
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007C499E0_2_007C499E
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008589670_2_00858967
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008D297F0_2_008D297F
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007B49830_2_007B4983
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007A6A700_2_007A6A70
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007ECA6C0_2_007ECA6C
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0085AAA50_2_0085AAA5
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00876AA50_2_00876AA5
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007E2A580_2_007E2A58
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0086AAA00_2_0086AAA0
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00774A450_2_00774A45
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0074CA400_2_0074CA40
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0080AAB60_2_0080AAB6
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0078CA470_2_0078CA47
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00850ABA0_2_00850ABA
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00790A3E0_2_00790A3E
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007B8A1B0_2_007B8A1B
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007DAA070_2_007DAA07
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0083AA060_2_0083AA06
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007ACAE60_2_007ACAE6
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0084AA220_2_0084AA22
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00820A330_2_00820A33
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00796AB80_2_00796AB8
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00802A430_2_00802A43
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00834A440_2_00834A44
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00872A4E0_2_00872A4E
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00738ABC0_2_00738ABC
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007DCA800_2_007DCA80
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00836A7E0_2_00836A7E
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00852B8D0_2_00852B8D
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007A2B5E0_2_007A2B5E
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0083CBA90_2_0083CBA9
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0071AB400_2_0071AB40
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007BAB480_2_007BAB48
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00834BBA0_2_00834BBA
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0084CBBF0_2_0084CBBF
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0083EBBF0_2_0083EBBF
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007B0B240_2_007B0B24
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00868BD90_2_00868BD9
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00854BE50_2_00854BE5
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007F0B1D0_2_007F0B1D
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00728B1B0_2_00728B1B
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007B4B0B0_2_007B4B0B
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00886B090_2_00886B09
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007FEBFB0_2_007FEBFB
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00770BFB0_2_00770BFB
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00838B170_2_00838B17
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0085EB120_2_0085EB12
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00804B1A0_2_00804B1A
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00846B280_2_00846B28
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0080EB3F0_2_0080EB3F
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00714BA00_2_00714BA0
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00844B5C0_2_00844B5C
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0084EB670_2_0084EB67
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00776B9E0_2_00776B9E
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00856B6C0_2_00856B6C
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0078AB930_2_0078AB93
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00788B880_2_00788B88
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0072EB800_2_0072EB80
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0088EB740_2_0088EB74
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0086CC8C0_2_0086CC8C
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00782C770_2_00782C77
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0088AC960_2_0088AC96
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007E0C5F0_2_007E0C5F
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00880CBE0_2_00880CBE
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007F8C3F0_2_007F8C3F
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007F2C3C0_2_007F2C3C
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0082CCCB0_2_0082CCCB
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007CAC280_2_007CAC28
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00862CD00_2_00862CD0
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0087CCDD0_2_0087CCDD
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007F4C180_2_007F4C18
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00870CED0_2_00870CED
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0087ACE90_2_0087ACE9
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007DECF60_2_007DECF6
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0081AC1F0_2_0081AC1F
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00780CD10_2_00780CD1
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0082AC2E0_2_0082AC2E
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007D6CCE0_2_007D6CCE
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00806C350_2_00806C35
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0079ECB30_2_0079ECB3
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00724CA00_2_00724CA0
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0081EC560_2_0081EC56
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007D2CA70_2_007D2CA7
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007F6C9E0_2_007F6C9E
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00784C960_2_00784C96
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00828D830_2_00828D83
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00818D840_2_00818D84
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007BED770_2_007BED77
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00804D960_2_00804D96
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007DCD650_2_007DCD65
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0073CD5E0_2_0073CD5E
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007CED4B0_2_007CED4B
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0073CD4C0_2_0073CD4C
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007A8D3D0_2_007A8D3D
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008C6DC60_2_008C6DC6
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007B8D2F0_2_007B8D2F
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00750D200_2_00750D20
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00800DD50_2_00800DD5
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00736D2E0_2_00736D2E
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00844DE20_2_00844DE2
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00798D140_2_00798D14
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00786D020_2_00786D02
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00832DF80_2_00832DF8
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0074CDF00_2_0074CDF0
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00876D1F0_2_00876D1F
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0077CDD10_2_0077CDD1
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007A2DCB0_2_007A2DCB
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0085CD450_2_0085CD45
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00810D590_2_00810D59
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007C4DA10_2_007C4DA1
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0073EE630_2_0073EE63
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007B4E6F0_2_007B4E6F
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0080AE950_2_0080AE95
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0085AE9D0_2_0085AE9D
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0087EE9A0_2_0087EE9A
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00732E6D0_2_00732E6D
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00730E6C0_2_00730E6C
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0085EEA40_2_0085EEA4
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007FCE490_2_007FCE49
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00840EC70_2_00840EC7
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0078AE2D0_2_0078AE2D
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0077AE210_2_0077AE21
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0079AE2E0_2_0079AE2E
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007BAE230_2_007BAE23
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0078EE270_2_0078EE27
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00872EE10_2_00872EE1
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00884E0A0_2_00884E0A
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007D0EF50_2_007D0EF5
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007A4EE80_2_007A4EE8
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00808E140_2_00808E14
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00816E290_2_00816E29
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007AEECC0_2_007AEECC
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00712EB00_2_00712EB0
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0072AEB00_2_0072AEB0
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00780EB10_2_00780EB1
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00748EA00_2_00748EA0
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00822E600_2_00822E60
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00882E6A0_2_00882E6A
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007E2E960_2_007E2E96
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0082AE770_2_0082AE77
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0086AE710_2_0086AE71
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00824F8B0_2_00824F8B
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00776F780_2_00776F78
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00802F8F0_2_00802F8F
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00864F910_2_00864F91
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007F0F670_2_007F0F67
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008DAF930_2_008DAF93
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00842F9B0_2_00842F9B
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00726F520_2_00726F52
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0082CFCE0_2_0082CFCE
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007ECF2A0_2_007ECF2A
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0088CFD30_2_0088CFD3
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00796F0F0_2_00796F0F
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007E8F090_2_007E8F09
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007C2F040_2_007C2F04
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008D0FF30_2_008D0FF3
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0085CFFB0_2_0085CFFB
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007F8FF80_2_007F8FF8
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00838F1B0_2_00838F1B
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0084EF270_2_0084EF27
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007B2FC70_2_007B2FC7
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0083AF470_2_0083AF47
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007FEFB40_2_007FEFB4
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007FAFAA0_2_007FAFAA
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00874F600_2_00874F60
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0082AF6A0_2_0082AF6A
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0077CF820_2_0077CF82
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_00820F740_2_00820F74
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0088EF7E0_2_0088EF7E
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007C6F860_2_007C6F86
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007D90750_2_007D9075
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0083F0930_2_0083F093
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008390A00_2_008390A0
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007E70540_2_007E7054
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0079F0410_2_0079F041
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007730350_2_00773035
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0082B0C80_2_0082B0C8
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007C10370_2_007C1037
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0071D0210_2_0071D021
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008470D20_2_008470D2
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007D301D0_2_007D301D
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0072D0030_2_0072D003
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007E30080_2_007E3008
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008570170_2_00857017
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007750E30_2_007750E3
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007BD0DB0_2_007BD0DB
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0085902A0_2_0085902A
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008690340_2_00869034
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0086D03A0_2_0086D03A
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007E10C30_2_007E10C3
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007F70B50_2_007F70B5
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0081F0710_2_0081F071
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0081307D0_2_0081307D
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0087B1970_2_0087B197
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007F51640_2_007F5164
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007BB1640_2_007BB164
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007CF15C0_2_007CF15C
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007DD1590_2_007DD159
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007DB1500_2_007DB150
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0081B1B70_2_0081B1B7
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008851C30_2_008851C3
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_0084F1CA0_2_0084F1CA
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008611C80_2_008611C8
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008171D10_2_008171D1
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008151D30_2_008151D3
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007FF11A0_2_007FF11A
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008451E10_2_008451E1
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007F31130_2_007F3113
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_007951020_2_00795102
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008071FE0_2_008071FE
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeCode function: 0_2_008811080_2_00881108
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Code function: String function: 00717F60 appears 40 times
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Code function: String function: 00724C90 appears 77 times
      Source: GHXsFkoroU.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: GHXsFkoroU.exe, Static PE information: Section: ZLIB complexity 0.9994957618464052
      Source: GHXsFkoroU.exe, Static PE information: Section: xrooptch ZLIB complexity 0.9948772189893931
      Source: classification engine, Classification label: mal100.troj.evad.winEXE@1/0@11/2
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Code function: 0_2_00742070 CoCreateInstance, 0_2_00742070
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: GHXsFkoroU.exe, ReversingLabs: Detection: 60%
      Source: GHXsFkoroU.exe, Virustotal: Detection: 55%
      Source: GHXsFkoroU.exe, String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, File read: C:\Users\user\Desktop\GHXsFkoroU.exe
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: winmm.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: winhttp.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: webio.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: mswsock.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: winnsi.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: sspicli.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: schannel.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: mskeyprotect.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: ntasn1.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: ncrypt.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: ncryptsslp.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: msasn1.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: cryptsp.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: rsaenh.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: gpapi.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: dpapi.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Section loaded: uxtheme.dll
      Source: GHXsFkoroU.exe, Static file information: File size 1909760 > 1048576
      Source: GHXsFkoroU.exe, Static PE information: Raw size of xrooptch is bigger than: 0x100000 < 0x1a8400

      Data Obfuscation

      Source: C:\Users\user\Desktop\GHXsFkoroU.exe, Unpacked PE file: 0.2.GHXsFkoroU.exe.710000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xrooptch:EW;crvfcpup:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;xrooptch:EW;crvfcpup:EW;.taggant:EW;
      Source: initial sample, Static PE information: section where entry point is pointing to: .taggant
      Source: GHXsFkoroU.exe, Static PE information: real checksum: 0x1d5b2d should be: 0x1df1f8
      Source: GHXsFkoroU.exe, Static PE information: section name:
      Source: GHXsFkoroU.exe, Static PE information: section name: .idata
      Source: GHXsFkoroU.exe, Static PE information: section name:
      Source: GHXsFkoroU.exe, Static PE information: section name: xrooptch
      Source: GHXsFkoroU.exe, Static PE information: section name: crvfcpup
      Source: GHXsFkoroU.exe, Static PE information: section name: .taggant
      Source: GHXsFkoroU.exe Static PE information: section name: entropy: 7.972280706588096
      Source: GHXsFkoroU.exe Static PE information: section name: xrooptch entropy: 7.9543029290749425

      Boot Survival

      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Window searched: window name: FilemonClass
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Window searched: window name: PROCMON_WINDOW_CLASS
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Window searched: window name: RegmonClass
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Window searched: window name: Regmonclass
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Window searched: window name: Filemonclass

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\GHXsFkoroU.exe File opened: HKEY_CURRENT_USER\Software\Wine
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 927E6C second address: 927E71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 925E82 second address: 925E88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 925E88 second address: 925E92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F991CD14696h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9283AB second address: 928449 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F991CEDCA77h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F991CEDCA76h 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007F991CEDCA68h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 00000018h 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a push 00000000h 0x0000002c mov di, 3AB1h 0x00000030 xor dword ptr [ebp+122D207Bh], ebx 0x00000036 push 00000000h 0x00000038 and di, FB2Bh 0x0000003d jmp 00007F991CEDCA79h 0x00000042 xchg eax, esi 0x00000043 jmp 00007F991CEDCA79h 0x00000048 push eax 0x00000049 pushad 0x0000004a pushad 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 928449 second address: 92844F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9292C9 second address: 9292CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 92856F second address: 928574 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9292CD second address: 929348 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F991CEDCA78h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007F991CEDCA68h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 00000015h 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 mov bx, si 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push eax 0x00000031 call 00007F991CEDCA68h 0x00000036 pop eax 0x00000037 mov dword ptr [esp+04h], eax 0x0000003b add dword ptr [esp+04h], 0000001Ah 0x00000043 inc eax 0x00000044 push eax 0x00000045 ret 0x00000046 pop eax 0x00000047 ret 0x00000048 push 00000000h 0x0000004a js 00007F991CEDCA68h 0x00000050 mov ebx, eax 0x00000052 push eax 0x00000053 push esi 0x00000054 pushad 0x00000055 jnl 00007F991CEDCA66h 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 928574 second address: 92860B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a mov dword ptr [ebp+122D283Eh], esi 0x00000010 push dword ptr fs:[00000000h] 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007F991CD14698h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 0000001Bh 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 mov bx, 212Ch 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c sub edi, dword ptr [ebp+122D3931h] 0x00000042 mov eax, dword ptr [ebp+122D0A39h] 0x00000048 sbb bh, 00000002h 0x0000004b push FFFFFFFFh 0x0000004d push 00000000h 0x0000004f push edi 0x00000050 call 00007F991CD14698h 0x00000055 pop edi 0x00000056 mov dword ptr [esp+04h], edi 0x0000005a add dword ptr [esp+04h], 0000001Bh 0x00000062 inc edi 0x00000063 push edi 0x00000064 ret 0x00000065 pop edi 0x00000066 ret 0x00000067 sub ebx, dword ptr [ebp+122D367Dh] 0x0000006d push eax 0x0000006e push eax 0x0000006f push eax 0x00000070 push edx 0x00000071 jmp 00007F991CD146A4h 0x00000076 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 92A4A5 second address: 92A4B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F991CEDCA6Eh 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 92C25F second address: 92C2B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov edi, esi 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007F991CD14698h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 00000014h 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 sbb bl, 00000053h 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push edi 0x00000031 call 00007F991CD14698h 0x00000036 pop edi 0x00000037 mov dword ptr [esp+04h], edi 0x0000003b add dword ptr [esp+04h], 00000016h 0x00000043 inc edi 0x00000044 push edi 0x00000045 ret 0x00000046 pop edi 0x00000047 ret 0x00000048 xchg eax, esi 0x00000049 jng 00007F991CD146B5h 0x0000004f push eax 0x00000050 push edx 0x00000051 pushad 0x00000052 popad 0x00000053 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 92D122 second address: 92D131 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F991CEDCA66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 92D131 second address: 92D144 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F991CD14696h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007F991CD14696h 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 92D144 second address: 92D1A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007F991CEDCA68h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 00000015h 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 jmp 00007F991CEDCA75h 0x00000027 mov dword ptr [ebp+1245185Dh], ecx 0x0000002d push 00000000h 0x0000002f and edi, dword ptr [ebp+122D36D1h] 0x00000035 adc edi, 5A93730Fh 0x0000003b push 00000000h 0x0000003d ja 00007F991CEDCA69h 0x00000043 push eax 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 push esi 0x00000049 pop esi 0x0000004a rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 92D1A4 second address: 92D1A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 92D1A8 second address: 92D1AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 8D7565 second address: 8D756B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 8D756B second address: 8D7571 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9304C5 second address: 9304CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9304CA second address: 93050E instructions: 0x00000000 rdtsc 0x00000002 jns 00007F991CEDCA68h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov ebx, dword ptr [ebp+122D3945h] 0x00000011 push 00000000h 0x00000013 sub dword ptr [ebp+122D2F92h], ebx 0x00000019 push 00000000h 0x0000001b jne 00007F991CEDCA7Ch 0x00000021 push eax 0x00000022 push eax 0x00000023 push edx 0x00000024 je 00007F991CEDCA6Ch 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 92C3CD second address: 92C3D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 93050E second address: 930512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 92C4B0 second address: 92C4D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F991CD146A3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a je 00007F991CD146A0h 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 931640 second address: 93165D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F991CEDCA73h 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 93165D second address: 931701 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F991CD146A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F991CD14698h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000018h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 jno 00007F991CD14699h 0x0000002a push dword ptr fs:[00000000h] 0x00000031 push 00000000h 0x00000033 push ecx 0x00000034 call 00007F991CD14698h 0x00000039 pop ecx 0x0000003a mov dword ptr [esp+04h], ecx 0x0000003e add dword ptr [esp+04h], 00000017h 0x00000046 inc ecx 0x00000047 push ecx 0x00000048 ret 0x00000049 pop ecx 0x0000004a ret 0x0000004b mov edi, dword ptr [ebp+12450AD1h] 0x00000051 mov dword ptr fs:[00000000h], esp 0x00000058 push eax 0x00000059 jnl 00007F991CD14696h 0x0000005f pop ebx 0x00000060 mov eax, dword ptr [ebp+122D029Dh] 0x00000066 call 00007F991CD1469Bh 0x0000006b xor dword ptr [ebp+122D20E8h], edx 0x00000071 pop ebx 0x00000072 push FFFFFFFFh 0x00000074 xor edi, 5C13D1EDh 0x0000007a nop 0x0000007b push edi 0x0000007c pushad 0x0000007d push esi 0x0000007e pop esi 0x0000007f push eax 0x00000080 push edx 0x00000081 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 931701 second address: 931727 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007F991CEDCA79h 0x0000000f push edx 0x00000010 pop edx 0x00000011 popad 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 931727 second address: 93172D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9387D0 second address: 93883B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F991CEDCA70h 0x00000009 jmp 00007F991CEDCA6Ah 0x0000000e popad 0x0000000f jmp 00007F991CEDCA78h 0x00000014 popad 0x00000015 push ebx 0x00000016 pushad 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 jmp 00007F991CEDCA75h 0x0000001e jmp 00007F991CEDCA74h 0x00000023 popad 0x00000024 push edi 0x00000025 push edi 0x00000026 pop edi 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 93D914 second address: 93D91A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 93D4E4 second address: 93D4E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 947EB4 second address: 947EF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F991CD1469Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F991CD1469Fh 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 jmp 00007F991CD146A2h 0x00000016 push edx 0x00000017 pop edx 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 947EF0 second address: 947EF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 8CD449 second address: 8CD44D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9471E9 second address: 947203 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F991CEDCA75h 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 947370 second address: 947383 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F991CD1469Eh 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 947383 second address: 9473B1 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F991CEDCA79h 0x00000008 push edi 0x00000009 jmp 00007F991CEDCA70h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9473B1 second address: 9473CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d jmp 00007F991CD1469Fh 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9473CD second address: 9473D7 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F991CEDCA6Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9478D7 second address: 9478DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9478DB second address: 9478F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F991CEDCA6Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e ja 00007F991CEDCA66h 0x00000014 push eax 0x00000015 pop eax 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9478F9 second address: 947906 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 947906 second address: 947910 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F991CEDCA66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 94DA33 second address: 94DA6D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F991CD1469Eh 0x00000007 jmp 00007F991CD146A9h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f jbe 00007F991CD146BBh 0x00000015 jc 00007F991CD146B5h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 94CDF9 second address: 94CDFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 94CDFD second address: 94CE2B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F991CD146A2h 0x00000007 jnl 00007F991CD14696h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f je 00007F991CD146A2h 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 94CE2B second address: 94CE50 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F991CEDCA78h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jl 00007F991CEDCA66h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 94CE50 second address: 94CE80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F991CD14696h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jc 00007F991CD146B9h 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F991CD146A9h 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 94C4E1 second address: 94C4E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 94C4E7 second address: 94C506 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F991CD146A2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a ja 00007F991CD14696h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 94D165 second address: 94D173 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 94D2DF second address: 94D2E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 94D42D second address: 94D43F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jg 00007F991CEDCA66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 94D43F second address: 94D443 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 94D742 second address: 94D758 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F991CEDCA6Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 94D758 second address: 94D75C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 94D75C second address: 94D760 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9539B7 second address: 9539CC instructions: 0x00000000 rdtsc 0x00000002 jg 00007F991CD14696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007F991CD146B5h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9539CC second address: 9539FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F991CEDCA79h 0x00000009 push edi 0x0000000a jmp 00007F991CEDCA70h 0x0000000f pop edi 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 952208 second address: 952221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 jmp 00007F991CD146A2h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 952221 second address: 952226 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 952226 second address: 95222B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 95C42A second address: 95C43E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F991CEDCA6Bh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 95B3BE second address: 95B3E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F991CD1469Dh 0x0000000b jp 00007F991CD1469Ch 0x00000011 jnp 00007F991CD146A2h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 91F0C4 second address: 91F0CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 91F0CA second address: 8F9F07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a push esi 0x0000000b call 00007F991CD14698h 0x00000010 pop esi 0x00000011 mov dword ptr [esp+04h], esi 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc esi 0x0000001e push esi 0x0000001f ret 0x00000020 pop esi 0x00000021 ret 0x00000022 mov di, bx 0x00000025 call dword ptr [ebp+122D1C58h] 0x0000002b jnc 00007F991CD146B1h 0x00000031 push eax 0x00000032 push edx 0x00000033 push edx 0x00000034 jmp 00007F991CD1469Eh 0x00000039 pop edx 0x0000003a pushad 0x0000003b push edx 0x0000003c pop edx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 91F18F second address: 91F222 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 xchg eax, ebx 0x00000005 mov cl, FBh 0x00000007 push dword ptr fs:[00000000h] 0x0000000e add dword ptr [ebp+1244AFC1h], ecx 0x00000014 mov dword ptr fs:[00000000h], esp 0x0000001b jc 00007F991CEDCA67h 0x00000021 cmc 0x00000022 mov dword ptr [ebp+12489E0Ch], esp 0x00000028 push eax 0x00000029 cmc 0x0000002a pop edx 0x0000002b cmp dword ptr [ebp+122D37F5h], 00000000h 0x00000032 jne 00007F991CEDCB63h 0x00000038 jmp 00007F991CEDCA77h 0x0000003d mov byte ptr [ebp+122D2CD5h], 00000047h 0x00000044 push 00000000h 0x00000046 push edx 0x00000047 call 00007F991CEDCA68h 0x0000004c pop edx 0x0000004d mov dword ptr [esp+04h], edx 0x00000051 add dword ptr [esp+04h], 00000015h 0x00000059 inc edx 0x0000005a push edx 0x0000005b ret 0x0000005c pop edx 0x0000005d ret 0x0000005e mov dword ptr [ebp+122D27AAh], esi 0x00000064 adc dh, FFFFFFD3h 0x00000067 mov ecx, dword ptr [ebp+122D397Dh] 0x0000006d mov eax, D49AA7D2h 0x00000072 mov dword ptr [ebp+124520B5h], eax 0x00000078 nop 0x00000079 pushad 0x0000007a push eax 0x0000007b push edx 0x0000007c push edx 0x0000007d pop edx 0x0000007e rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 91F499 second address: 768A64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dword ptr [ebp+12451101h], eax 0x00000011 push dword ptr [ebp+122D0C69h] 0x00000017 movsx edi, bx 0x0000001a call dword ptr [ebp+122D2D14h] 0x00000020 pushad 0x00000021 xor dword ptr [ebp+122D1BB6h], esi 0x00000027 xor eax, eax 0x00000029 stc 0x0000002a mov edx, dword ptr [esp+28h] 0x0000002e mov dword ptr [ebp+122D1BBEh], esi 0x00000034 mov dword ptr [ebp+122D38E9h], eax 0x0000003a jbe 00007F991CD1469Ch 0x00000040 mov esi, 0000003Ch 0x00000045 jmp 00007F991CD1469Ch 0x0000004a add esi, dword ptr [esp+24h] 0x0000004e cmc 0x0000004f lodsw 0x00000051 clc 0x00000052 cmc 0x00000053 add eax, dword ptr [esp+24h] 0x00000057 cmc 0x00000058 mov ebx, dword ptr [esp+24h] 0x0000005c or dword ptr [ebp+122D1BB6h], edx 0x00000062 nop 0x00000063 jng 00007F991CD1469Eh 0x00000069 push eax 0x0000006a jg 00007F991CD146A4h 0x00000070 pushad 0x00000071 push eax 0x00000072 push edx 0x00000073 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9B4BCB second address: 9B4BD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9B4BD6 second address: 9B4BDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9B7268 second address: 9B7276 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jl 00007F991CD14696h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9B7276 second address: 9B728E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push esi 0x00000008 js 00007F991CEDCA66h 0x0000000e pop esi 0x0000000f pushad 0x00000010 jbe 00007F991CEDCA66h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9B728E second address: 9B72CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F991CD1469Eh 0x0000000b popad 0x0000000c push edi 0x0000000d jmp 00007F991CD146A5h 0x00000012 pop edi 0x00000013 push eax 0x00000014 jmp 00007F991CD1469Eh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9C8436 second address: 9C843A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9C843A second address: 9C8446 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9C6CE0 second address: 9C6CE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9C6CE4 second address: 9C6CF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F991CD1469Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9C6CF2 second address: 9C6CF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9C6CF6 second address: 9C6CFB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9C6E56 second address: 9C6E5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9C6FC2 second address: 9C6FD6 instructions: 0x00000000 rdtsc 0x00000002 js 00007F991CD14696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push ecx 0x0000000c jl 00007F991CD1469Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9C73CE second address: 9C73FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007F991CEDCA6Ch 0x0000000e pushad 0x0000000f jmp 00007F991CEDCA6Ah 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 jmp 00007F991CEDCA6Bh 0x0000001b popad 0x0000001c rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9C75A8 second address: 9C7608 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F991CD1469Bh 0x00000007 push ebx 0x00000008 jmp 00007F991CD1469Dh 0x0000000d pop ebx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 js 00007F991CD1469Eh 0x00000017 jnc 00007F991CD14696h 0x0000001d push edx 0x0000001e pop edx 0x0000001f pushad 0x00000020 jmp 00007F991CD146A8h 0x00000025 jmp 00007F991CD1469Bh 0x0000002a je 00007F991CD14696h 0x00000030 popad 0x00000031 js 00007F991CD146A2h 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9C7608 second address: 9C760E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9CB5F2 second address: 9CB5FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9CB5FA second address: 9CB5FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9CB5FF second address: 9CB617 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F991CD14698h 0x00000008 pushad 0x00000009 popad 0x0000000a jno 00007F991CD14698h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9D6463 second address: 9D6489 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007F991CEDCA66h 0x0000000d jmp 00007F991CEDCA79h 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9D6489 second address: 9D648F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9D648F second address: 9D6495 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9D6495 second address: 9D64B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F991CD1469Ah 0x00000009 jmp 00007F991CD1469Dh 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9D64B0 second address: 9D64B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9EA1B5 second address: 9EA1E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F991CD146A1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jo 00007F991CD14696h 0x00000012 jmp 00007F991CD1469Fh 0x00000017 push edx 0x00000018 pop edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9E9FE8 second address: 9E9FEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9E9FEE second address: 9E9FF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9E9FF4 second address: 9EA023 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F991CEDCA79h 0x00000007 jbe 00007F991CEDCA6Ah 0x0000000d pushad 0x0000000e popad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 push edi 0x00000017 pop edi 0x00000018 push eax 0x00000019 pop eax 0x0000001a pop ebx 0x0000001b rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9ED0E3 second address: 9ED0F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F991CD14696h 0x0000000a jne 00007F991CD14696h 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 9ED0F3 second address: 9ED112 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F991CEDCA77h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A02DAF second address: A02DBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A02F28 second address: A02F2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A02F2C second address: A02F38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F991CD14696h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A02F38 second address: A02F40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A02F40 second address: A02F44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A02F44 second address: A02F52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F991CEDCA6Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A030B2 second address: A030BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A03209 second address: A03221 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F991CEDCA72h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A03221 second address: A0322B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F991CD14696h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A03397 second address: A033AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007F991CEDCA66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f pushad 0x00000010 popad 0x00000011 jnp 00007F991CEDCA66h 0x00000017 popad 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A03890 second address: A03899 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pop edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A03899 second address: A0389E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A0389E second address: A038CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F991CD1469Bh 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F991CD146A9h 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A09998 second address: A099B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007F991CEDCA6Dh 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A099B6 second address: A099C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 jnc 00007F991CD1469Eh 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A09D32 second address: A09D36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A09D36 second address: A09D44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A09D44 second address: A09D48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A09D48 second address: A09D60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c push ecx 0x0000000d pushad 0x0000000e popad 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 ja 00007F991CD14696h 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A09D60 second address: A09D82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F991CEDCA72h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d js 00007F991CEDCA6Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A0B8CA second address: A0B8E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F991CD146A0h 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A0D40C second address: A0D410 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: A0D410 second address: A0D416 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 918BDA second address: 918BFA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F991CEDCA77h 0x0000000f jmp 00007F991CEDCA71h 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exeRDTSC instruction interceptor: First address: 918FEB second address: 918FEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Special instruction interceptor: First address: 768A16 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Special instruction interceptor: First address: 768AA9 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Special instruction interceptor: First address: 90EDA4 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Special instruction interceptor: First address: 90F148 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Special instruction interceptor: First address: 90D70C instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Code function: 0_2_00768665 rdtsc 0_2_00768665
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe TID: 412 Thread sleep time: -90000s >= -30000s
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe TID: 6556 Thread sleep time: -30000s >= -30000s
      Source: GHXsFkoroU.exe, GHXsFkoroU.exe, 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
      Source: GHXsFkoroU.exe, 00000000.00000002.2135887360.0000000001417000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001417000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
      Source: GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW'
      Source: GHXsFkoroU.exe, 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe System information queried: ModuleInformation
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Process information queried: ProcessInformation

      Anti Debugging

      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Thread information set: HideFromDebugger
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Open window title or class name: regmonclass
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Open window title or class name: gbdyllo
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Open window title or class name: procmon_window_class
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Open window title or class name: ollydbg
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Open window title or class name: filemonclass
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe File opened: NTICE
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe File opened: SICE
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe File opened: SIWVID
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Process queried: DebugPort
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Process queried: DebugPort
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Process queried: DebugPort
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Code function: 0_2_00768665 rdtsc 0_2_00768665
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Code function: 0_2_0074E110 LdrInitializeThunk,0_2_0074E110

      HIPS / PFW / Operating System Protection Evasion

      Source: GHXsFkoroU.exe, GHXsFkoroU.exe, 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: `Program Manager
      Source: C:\Users\user\Desktop\GHXsFkoroU.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Stealing of Sensitive Information

      Source: Yara match File source: sslproxydump.pcap, type: PCAP
      Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

      Remote Access Functionality

      Source: Yara match File source: sslproxydump.pcap, type: PCAP
      Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 24 Virtualization/Sandbox Evasion | OS Credential Dumping | 641 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 24 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 4 Obfuscated Files or Information | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

      Source | Detection | Scanner | Label | Link
      GHXsFkoroU.exe | 61% | ReversingLabs | Win32.Trojan.Amadey |
      GHXsFkoroU.exe | 56% | Virustotal | | Browse
      GHXsFkoroU.exe | 100% | Avira | TR/Crypt.XPACK.Gen |
      GHXsFkoroU.exe | 100% | Joe Sandbox ML | |
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      https://community.fastly.steamst | 0% | Avira URL Cloud | safe |
      https://community.fastly.steams | 0% | Avira URL Cloud | safe |
      https://lev-tolstoi.com/f | 100% | Avira URL Cloud | malware |
      https://lev-tolstoi.com/l1 | 100% | Avira URL Cloud | malware |
      https://player.vi | 0% | Avira URL Cloud | safe |
      https://help.steampo | 0% | Avira URL Cloud | safe |
      https://lev-tolstoi.com/.valvea | 100% | Avira URL Cloud | malware |
      https://login.steampowereV | 0% | Avira URL Cloud | safe |
      https://cdn.fastly.steam | 0% | Avira URL Cloud | safe |
      https://lev-tolstoi.com/api- | 100% | Avira URL Cloud | malware |
      https://checkout.steampowered. | 0% | Avira URL Cloud | safe |
      https://api.steampowered.c | 0% | Avira URL Cloud | safe |
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      steamcommunity.com | 23.55.153.106 | true | false | | high
      lev-tolstoi.com | 104.21.66.86 | true | false | | high
      cashfuzysao.buzz | unknown | unknown | false | | high
      scentniej.buzz | unknown | unknown | false | | high
      inherineau.buzz | unknown | unknown | false | | high
      prisonyfork.buzz | unknown | unknown | false | | high
      rebuildeso.buzz | unknown | unknown | false | | high
      appliacnesot.buzz | unknown | unknown | false | | high
      hummskitnj.buzz | unknown | unknown | false | | high
      mindhandru.buzz | unknown | unknown | false | | high
      screwamusresz.buzz | unknown | unknown | false | | high
      Name | Malicious | Antivirus Detection | Reputation
      scentniej.buzz | false | | high
      https://steamcommunity.com/profiles/76561199724331900 | false | | high
      rebuildeso.buzz | false | | high
      appliacnesot.buzz | false | | high
      screwamusresz.buzz | false | | high
      cashfuzysao.buzz | false | | high
      inherineau.buzz | false | | high
      https://lev-tolstoi.com/api | false | | high
      hummskitnj.buzz | false | | high
      mindhandru.buzz | false | | high
      prisonyfork.buzz | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amGHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://lev-tolstoi.com/.valveaGHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: malware
                                                                                                                                        unknown
                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngGHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&aGHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://store.steampowered.com/steam_refunds/GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&aGHXsFkoroU.exe, 00000000.00000003.2121400725.0000000001449000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016GHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp;l=eGHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://help.steampoGHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://steamcommunity.com/workshop/GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp;l=english&amp;_cGHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://store.steampowered.com/legal/GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121400725.0000000001449000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=enGHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=engGHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&amp;l=english&aGHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&amp;l=englGHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/javGHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://store.steampowered.com/GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=oOCAGrkRfpQ6&amp;l=eGHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://lev-tolstoi.com/api-GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                          unknown
                                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pngGHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://127.0.0.1:27060GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpgGHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://cdn.fastly.steamGHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                unknown
                                                                                                                                                                                https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gifGHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121400725.0000000001449000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://checkout.steampowered.GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                  unknown
                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQGHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&ampGHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://api.steampowered.com/GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://store.steampowered.com/account/cookiepreferences/GHXsFkoroU.exe, 00000000.00000003.2121400725.0000000001449000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://store.steampowered.com/mobileGHXsFkoroU.exe, 00000000.00000002.2136201793.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://steamcommunity.com/GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81GHXsFkoroU.exe, 00000000.00000003.2121400725.0000000001449000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://lev-tolstoi.com/piGHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001432000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2135887360.0000000001432000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
https://api.steampowered.c
GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp
false
• Avira URL Cloud: safe
unknown
https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&amp;l
GHXsFkoroU.exe, 00000000.00000003.2130625918.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130555729.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000002.2136088469.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130362992.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmp
false
high
https://steamcommunity.com/profiles/76561199724331900/badges
GHXsFkoroU.exe, 00000000.00000003.2121400725.0000000001449000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121466598.0000000001469000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2130332071.00000000014BD000.00000004.00000020.00020000.00000000.sdmp, GHXsFkoroU.exe, 00000000.00000003.2121349074.00000000014B2000.00000004.00000020.00020000.00000000.sdmp
false
high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
104.21.66.86 | lev-tolstoi.com | United States | | 13335 | CLOUDFLARENETUS | false
23.55.153.106 | steamcommunity.com | United States | | 20940 | AKAMAI-ASN1EU | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581623
Start date and time: 2024-12-28 10:02:03 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 13s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 2
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: GHXsFkoroU.exe
renamed because original name is a hash value
Original Sample Name: 2e0d4188fa62f1816c960adcf5be1a01.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@1/0@11/2
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): dllhost.exe
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
04:02:54 | API Interceptor | 9x Sleep call for process: GHXsFkoroU.exe modified
                                                                                                                                                                                                                          YrWaRb0IKJ.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 172.67.157.254
                                                                                                                                                                                                                          v5Evrl41VR.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 104.21.66.86
                                                                                                                                                                                                                          H1iOI9vWfh.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 104.21.66.86
                                                                                                                                                                                                                          8WFJ38EJo5.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                          • 104.21.66.86
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
No context
No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.949098665868653
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: GHXsFkoroU.exe
File size: 1'909'760 bytes
MD5: 2e0d4188fa62f1816c960adcf5be1a01
SHA1: cba704aa98f11b19ff969d5aa17513ff9642e952
SHA256: 877c22851b1c18c92c6458beb834e05fa15e088fc9ef88a59122d2e8d51a0b49
SHA512: d5ba79d0f985d90f7e29387915be6588520b375121ad42c53dab1cc40d3ca9129db1cda4ce239bdbd554f4730a3f2df2c27b8b6a83ce59207ec496d498c82462
SSDEEP: 49152:XOGRfbgEz2gOTxV0YEIEe1dhDnxkbX/t:+Cf8Ez25TxVeI1bebPt
TLSH: 779533676139473FC5C6AA36AA278FF05B37CC17147E52191C0C26702E8EB5EADA1CA1
File Content Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig..............................K...........@..........................@K.....-[....@.................................Y@..m..
Icon Hash: 00928e8e8686b000
Entrypoint: 0x8b1000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
Instruction
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          xor byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          and al, byte ptr [eax]
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          or dword ptr [eax+00000000h], eax
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          adc byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          or ecx, dword ptr [edx]
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          xor byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax+eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [ecx], cl
                                                                                                                                                                                                                          add byte ptr [eax], 00000000h
                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                          add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x54059 | 0x6d | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x53000 | 0x1ac | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x541f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| | 0x1000 | 0x52000 | 0x26400 | 495ebb4dfaadf865f022bbba8c9f55bf | False | 0.9994957618464052 | data | 7.972280706588096 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x53000 | 0x1ac | 0x200 | c4249243ceaeb236e3ce8ce2ab2c9a69 | False | 0.5390625 | data | 5.249019796122045 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x54000 | 0x1000 | 0x200 | 39a711a7d804ccbc2a14eea65cf3c27e | False | 0.154296875 | data | 1.0789976601211375 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x55000 | 0x2b2000 | 0x200 | 7e4f0e3b0d0d554c0e382de27593d872 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| xrooptch | 0x307000 | 0x1a9000 | 0x1a8400 | 933f1c6b8e66a4412adc325216d36d12 | False | 0.9948772189893931 | data | 7.9543029290749425 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| crvfcpup | 0x4b0000 | 0x1000 | 0x400 | e21da8907f9d0f9927ee289e7941b22f | False | 0.7763671875 | data | 6.107792864543444 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x4b1000 | 0x3000 | 0x2200 | 498f654de62666418c83efae4ae7d6d2 | False | 0.05560661764705882 | DOS executable (COM) | 0.5949215762997662 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_MANIFEST | 0x53058 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402 |

| DLL | Import |
| kernel32.dll | lstrcpy |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| 2024-12-28T10:02:55.125280+0100 | 2058582 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mindhandru .buzz) | 1 | 192.168.2.5 | 54452 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T10:02:55.411662+0100 | 2058584 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) | 1 | 192.168.2.5 | 58333 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T10:02:55.640280+0100 | 2058586 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) | 1 | 192.168.2.5 | 57607 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T10:02:55.874572+0100 | 2058588 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) | 1 | 192.168.2.5 | 55503 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T10:02:56.115995+0100 | 2058580 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) | 1 | 192.168.2.5 | 62645 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T10:02:56.515653+0100 | 2058590 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) | 1 | 192.168.2.5 | 58258 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T10:02:56.737496+0100 | 2058572 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) | 1 | 192.168.2.5 | 63932 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T10:02:56.974964+0100 | 2058576 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) | 1 | 192.168.2.5 | 61648 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T10:02:57.199387+0100 | 2058578 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) | 1 | 192.168.2.5 | 61002 | 1.1.1.1 | 53 | UDP |
| 2024-12-28T10:02:59.054261+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP |
| 2024-12-28T10:02:59.849437+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | TCP |
| 2024-12-28T10:03:01.492825+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP |
| 2024-12-28T10:03:02.228700+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP |
| 2024-12-28T10:03:02.228700+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | TCP |
| 2024-12-28T10:03:03.126670+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49706 | 104.21.66.86 | 443 | TCP |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                                                                                                                                                                          Dec 28, 2024 10:03:00.080391884 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:00.080432892 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:00.080478907 CET49704443192.168.2.523.55.153.106
                                                                                                                                                                                                                          Dec 28, 2024 10:03:00.080491066 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:00.080509901 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:00.080533981 CET49704443192.168.2.523.55.153.106
                                                                                                                                                                                                                          Dec 28, 2024 10:03:00.080563068 CET49704443192.168.2.523.55.153.106
                                                                                                                                                                                                                          Dec 28, 2024 10:03:00.082086086 CET49704443192.168.2.523.55.153.106
                                                                                                                                                                                                                          Dec 28, 2024 10:03:00.082102060 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:00.082113028 CET49704443192.168.2.523.55.153.106
                                                                                                                                                                                                                          Dec 28, 2024 10:03:00.082118034 CET4434970423.55.153.106192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:00.229988098 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                          Dec 28, 2024 10:03:00.230036020 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:00.230109930 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                          Dec 28, 2024 10:03:00.230453014 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                          Dec 28, 2024 10:03:00.230468988 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:01.492697001 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:01.492825031 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                          Dec 28, 2024 10:03:01.495594025 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                          Dec 28, 2024 10:03:01.495606899 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:01.496012926 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:01.497420073 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                          Dec 28, 2024 10:03:01.497447968 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                          Dec 28, 2024 10:03:01.497503996 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:02.228439093 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:02.228543043 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:02.228600979 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                          Dec 28, 2024 10:03:02.229140043 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                          Dec 28, 2024 10:03:02.229161978 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:02.229171991 CET49705443192.168.2.5104.21.66.86
                                                                                                                                                                                                                          Dec 28, 2024 10:03:02.229177952 CET44349705104.21.66.86192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:02.254849911 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                          Dec 28, 2024 10:03:02.254914999 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:02.255009890 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                          Dec 28, 2024 10:03:02.255359888 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                          Dec 28, 2024 10:03:02.255373001 CET44349706104.21.66.86192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:03.126669884 CET49706443192.168.2.5104.21.66.86
                                                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                          Dec 28, 2024 10:02:55.125279903 CET5445253192.168.2.51.1.1.1
                                                                                                                                                                                                                          Dec 28, 2024 10:02:55.355225086 CET53544521.1.1.1192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:02:55.411662102 CET5833353192.168.2.51.1.1.1
                                                                                                                                                                                                                          Dec 28, 2024 10:02:55.634459019 CET53583331.1.1.1192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:02:55.640280008 CET5760753192.168.2.51.1.1.1
                                                                                                                                                                                                                          Dec 28, 2024 10:02:55.873099089 CET53576071.1.1.1192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:02:55.874572039 CET5550353192.168.2.51.1.1.1
                                                                                                                                                                                                                          Dec 28, 2024 10:02:56.113564968 CET53555031.1.1.1192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:02:56.115994930 CET6264553192.168.2.51.1.1.1
                                                                                                                                                                                                                          Dec 28, 2024 10:02:56.511838913 CET53626451.1.1.1192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:02:56.515652895 CET5825853192.168.2.51.1.1.1
                                                                                                                                                                                                                          Dec 28, 2024 10:02:56.733304977 CET53582581.1.1.1192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:02:56.737495899 CET6393253192.168.2.51.1.1.1
                                                                                                                                                                                                                          Dec 28, 2024 10:02:56.971765995 CET53639321.1.1.1192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:02:56.974963903 CET6164853192.168.2.51.1.1.1
                                                                                                                                                                                                                          Dec 28, 2024 10:02:57.196171045 CET53616481.1.1.1192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:02:57.199387074 CET6100253192.168.2.51.1.1.1
                                                                                                                                                                                                                          Dec 28, 2024 10:02:57.424344063 CET53610021.1.1.1192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:02:57.427601099 CET5854553192.168.2.51.1.1.1
                                                                                                                                                                                                                          Dec 28, 2024 10:02:57.566277027 CET53585451.1.1.1192.168.2.5
                                                                                                                                                                                                                          Dec 28, 2024 10:03:00.086208105 CET6549753192.168.2.51.1.1.1
                                                                                                                                                                                                                          Dec 28, 2024 10:03:00.229243994 CET53654971.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 28, 2024 10:02:55.125279903 CET | 192.168.2.5 | 1.1.1.1 | 0x38e4 | Standard query (0) | mindhandru.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:02:55.411662102 CET | 192.168.2.5 | 1.1.1.1 | 0x8b33 | Standard query (0) | prisonyfork.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:02:55.640280008 CET | 192.168.2.5 | 1.1.1.1 | 0x8e5d | Standard query (0) | rebuildeso.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:02:55.874572039 CET | 192.168.2.5 | 1.1.1.1 | 0xe689 | Standard query (0) | scentniej.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:02:56.115994930 CET | 192.168.2.5 | 1.1.1.1 | 0x52c7 | Standard query (0) | inherineau.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:02:56.515652895 CET | 192.168.2.5 | 1.1.1.1 | 0x4101 | Standard query (0) | screwamusresz.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:02:56.737495899 CET | 192.168.2.5 | 1.1.1.1 | 0xe311 | Standard query (0) | appliacnesot.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:02:56.974963903 CET | 192.168.2.5 | 1.1.1.1 | 0x91af | Standard query (0) | cashfuzysao.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:02:57.199387074 CET | 192.168.2.5 | 1.1.1.1 | 0xa1d3 | Standard query (0) | hummskitnj.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:02:57.427601099 CET | 192.168.2.5 | 1.1.1.1 | 0xa0ce | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:03:00.086208105 CET | 192.168.2.5 | 1.1.1.1 | 0xc651 | Standard query (0) | lev-tolstoi.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 28, 2024 10:02:55.355225086 CET | 1.1.1.1 | 192.168.2.5 | 0x38e4 | Name error (3) | mindhandru.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:02:55.634459019 CET | 1.1.1.1 | 192.168.2.5 | 0x8b33 | Name error (3) | prisonyfork.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:02:55.873099089 CET | 1.1.1.1 | 192.168.2.5 | 0x8e5d | Name error (3) | rebuildeso.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:02:56.113564968 CET | 1.1.1.1 | 192.168.2.5 | 0xe689 | Name error (3) | scentniej.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:02:56.511838913 CET | 1.1.1.1 | 192.168.2.5 | 0x52c7 | Name error (3) | inherineau.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:02:56.733304977 CET | 1.1.1.1 | 192.168.2.5 | 0x4101 | Name error (3) | screwamusresz.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:02:56.971765995 CET | 1.1.1.1 | 192.168.2.5 | 0xe311 | Name error (3) | appliacnesot.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:02:57.196171045 CET | 1.1.1.1 | 192.168.2.5 | 0x91af | Name error (3) | cashfuzysao.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:02:57.424344063 CET | 1.1.1.1 | 192.168.2.5 | 0xa1d3 | Name error (3) | hummskitnj.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:02:57.566277027 CET | 1.1.1.1 | 192.168.2.5 | 0xa0ce | No error (0) | steamcommunity.com |  | 23.55.153.106 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:03:00.229243994 CET | 1.1.1.1 | 192.168.2.5 | 0xc651 | No error (0) | lev-tolstoi.com |  | 104.21.66.86 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 10:03:00.229243994 CET | 1.1.1.1 | 192.168.2.5 | 0xc651 | No error (0) | lev-tolstoi.com |  | 172.67.157.254 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                          • steamcommunity.com
                                                                                                                                                                                                                          • lev-tolstoi.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 23.55.153.106 | 443 | 4320 | C:\Users\user\Desktop\GHXsFkoroU.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 09:02:59 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                          Host: steamcommunity.com
2024-12-28 09:02:59 UTC | 1905 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                          Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                          Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                          Date: Sat, 28 Dec 2024 09:02:59 GMT
                                                                                                                                                                                                                          Content-Length: 35121
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Set-Cookie: sessionid=b8be0e6f1fa38ff631c12886; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                          Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-28 09:02:59 UTC | 14479 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-28 09:03:00 UTC | 10097 | IN | Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-28 09:03:00 UTC | 10545 | IN | Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49705 | 104.21.66.86 | 443 | 4320 | C:\Users\user\Desktop\GHXsFkoroU.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 09:03:01 UTC | 262 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                          Host: lev-tolstoi.com
2024-12-28 09:03:01 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                          Data Ascii: act=life
2024-12-28 09:03:02 UTC | 1127 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                          Date: Sat, 28 Dec 2024 09:03:02 GMT
                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=mmtqp84a1rvtjhim9cgn3pk24q; expires=Wed, 23 Apr 2025 02:49:40 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hjBmpjMU5KH2FdXEsO5HVEB8fCt9EYSmevnnM55w6NLQnmeXqK4xamBT%2FGXBq9RKd4fbyt6VBk3NlFMhOGrcDe%2F6Rb7HXryhRMP4XHamB%2F72KTd%2BhQq1kCBx%2FMKZDSWQlcc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                          CF-RAY: 8f905ff40cb67c99-EWR
                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1788&min_rtt=1785&rtt_var=676&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2835&recv_bytes=906&delivery_rate=1610590&cwnd=235&unsent_bytes=0&cid=c342450b8b0b6cb3&ts=745&x=0"
2024-12-28 09:03:02 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                          Data Ascii: 2ok
2024-12-28 09:03:02 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                          Data Ascii: 0



                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                          Start time:04:02:52
                                                                                                                                                                                                                          Start date:28/12/2024
                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\GHXsFkoroU.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\GHXsFkoroU.exe"
                                                                                                                                                                                                                          Imagebase:0x710000
                                                                                                                                                                                                                          File size:1'909'760 bytes
                                                                                                                                                                                                                          MD5 hash:2E0D4188FA62F1816C960ADCF5BE1A01
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Has exited:true


                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                            Execution Coverage:0.6%
                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                            Signature Coverage:23.3%
                                                                                                                                                                                                                            Total number of Nodes:73
                                                                                                                                                                                                                            Total number of Limit Nodes:4

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
• Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO
                                                                                                                                                                                                                            • API String ID: 0-620192811
                                                                                                                                                                                                                            • Opcode ID: 15817730c4f59fdb911f1b09b0c739319d65b188785f0d9f158392baea24fa96
                                                                                                                                                                                                                            • Instruction ID: 4a027ee6d34261ed584167254995400b66c9dadfd4bfdba098b3bc4e2da3aff7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15817730c4f59fdb911f1b09b0c739319d65b188785f0d9f158392baea24fa96
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D20264B1200B01DFD324CF25D891BABBBF1FB49315F508A2CD5AA8BAA0D778A455CF54

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 74 718600-718611 call 74d9a0 77 718617-71861e call 7462a0 74->77 78 718a48-718a4b ExitProcess 74->78 81 718a31-718a38 77->81 82 718624-71864a 77->82 83 718a43 call 74e080 81->83 84 718a3a-718a40 call 717f60 81->84 90 718650-71887f 82->90 91 71864c-71864e 82->91 83->78 84->83 93 718880-7188ce 90->93 91->90 93->93 94 7188d0-71891d call 74c540 93->94 97 718920-718943 94->97 98 718945-718962 97->98 99 718964-71897c 97->99 98->97 101 718982-718a0b 99->101 102 718a0d-718a25 call 719d00 99->102 101->102 102->81 105 718a27 call 71cb90 102->105 107 718a2c call 71b7b0 105->107 107->81
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • ExitProcess.KERNEL32(00000000), ref: 00718A4B
                                                                                                                                                                                                                              • Part of subcall function 0071B7B0: FreeLibrary.KERNEL32(00718A31), ref: 0071B7B6
                                                                                                                                                                                                                              • Part of subcall function 0071B7B0: FreeLibrary.KERNEL32 ref: 0071B7D7
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
• Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FreeLibrary$ExitProcess
                                                                                                                                                                                                                            • String ID: b]u)$}$}
                                                                                                                                                                                                                            • API String ID: 1614911148-2900034282
                                                                                                                                                                                                                            • Opcode ID: e341ea468635a62b0ea52da4db8936766cfaa90eef39b5f21f0b26a412b3448c
                                                                                                                                                                                                                            • Instruction ID: c1d994fca0b46670f58d7fec6f8adb6240e413de224edc1870fd7d25f3f79ed0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e341ea468635a62b0ea52da4db8936766cfaa90eef39b5f21f0b26a412b3448c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EFC1E673A187144BC718DF6DC84125AF7D6ABC8710F1EC52EA898EB391EA74DC058BC6

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 174 74e110-74e142 LdrInitializeThunk
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LdrInitializeThunk.NTDLL(0075148A,?,00000018,?,?,00000018,?,?,?), ref: 0074E13E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                            • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                            • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 176 751720-751741 177 751750-75176b 176->177 177->177 178 75176d-751779 177->178 179 7517e0-7517e5 178->179 180 75177b-751785 178->180 181 751879-75187b 179->181 182 7517eb-7517ff 179->182 183 751790-751797 180->183 184 75188d-751894 181->184 185 75187d-751884 181->185 186 751800-75181b 182->186 187 7517ad-7517b5 183->187 188 751799-7517a7 183->188 189 751886 185->189 190 75188a 185->190 186->186 191 75181d-751828 186->191 187->179 193 7517b7-7517d8 call 74e110 187->193 188->183 192 7517a9-7517ab 188->192 189->190 190->184 194 751871-751873 191->194 195 75182a-751832 191->195 192->179 197 7517dd 193->197 194->181 199 751875 194->199 198 751840-751847 195->198 197->179 200 751850-751856 198->200 201 751849-75184c 198->201 199->181 200->194 203 751858-75186e call 74e110 200->203 201->198 202 75184e 201->202 202->194 203->194
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                            • String ID: =<32
                                                                                                                                                                                                                            • API String ID: 2994545307-852023076
                                                                                                                                                                                                                            • Opcode ID: a0222416893eaa73ce82d293f046cbb3ff33035eafddab450b2038c3bf462e37
                                                                                                                                                                                                                            • Instruction ID: 48e961e9258459b553b9f7c8476ed8fb7c6cbb8a0dc6835d8b49bdafdf8d5225
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a0222416893eaa73ce82d293f046cbb3ff33035eafddab450b2038c3bf462e37
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52318E346043046FE7248A14DC91BBFB795EB84323F588A3CF981572D0D7B9EC448781
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 109 719d1e-719d34 110 719d40-719d52 109->110 110->110 111 719d54-719d7e 110->111 112 719d80-719d92 111->112 112->112 113 719d94-719e13 LoadLibraryExW call 74d960 112->113 116 719e20-719e32 113->116 116->116 117 719e34-719e5e 116->117 118 719e60-719e72 117->118 118->118 119 719e74-719e80 LoadLibraryExW call 74d960 118->119 121 719e85-719e98 119->121
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000), ref: 00719D98
                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000), ref: 00719E78
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                                                                                            • String ID: CKz
                                                                                                                                                                                                                            • API String ID: 1029625771-784393319

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 149 71ef53-71f0b5 CoInitializeEx
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CoInitializeEx.COMBASE(00000000,00000002), ref: 0071F09D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Initialize
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2538663250-0

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 151 74e0a0-74e0b1 152 74e0d4-74e0e6 call 74f990 RtlReAllocateHeap 151->152 153 74e0c6-74e0cd 151->153 154 74e0c0 151->154 155 74e0f3-74e0f4 call 74c570 151->155 156 74e0e8-74e0f1 call 74c540 151->156 163 74e0fe-74e100 152->163 153->152 153->155 154->153 162 74e0f9-74e0fc 155->162 156->163 162->163
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RtlReAllocateHeap.NTDLL(?,00000000), ref: 0074E0E0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                            • Opcode ID: ce7580340a94b59f7aaf208411e5ae78cc945e2445aa93c909b7a9445f3e1863
                                                                                                                                                                                                                            • Instruction ID: 828b536ace6adf7bb04561d6be3791fd0996a4463e1c53acf5c46402d1abe966
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ce7580340a94b59f7aaf208411e5ae78cc945e2445aa93c909b7a9445f3e1863
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F4F0E532819311FBC3512F38BD0AA9B3AA8EFC3721F254434F4049A121DBBCF8168695

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 164 71ec77-71ecbb CoInitializeSecurity
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0071ECA3
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InitializeSecurity
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 640775948-0
                                                                                                                                                                                                                            • Opcode ID: f080a2aaa119505460268127adf07febe503409ae90210a35dd8ee2ecf88b9a8
                                                                                                                                                                                                                            • Instruction ID: 5b2edbacbe19620a8a6e149d74499f5cae5c778ed6554ecdf3b10a653fc0582b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f080a2aaa119505460268127adf07febe503409ae90210a35dd8ee2ecf88b9a8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 37E092743EA3467AF63982259CB7F6631069B42F29E31AB05B3213D7D4CAD43101824C

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 166 719eb7-719ef7 call 74fe00 WSAStartup
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • WSAStartup.WS2_32(00000202,?), ref: 00719ED2
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Startup
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 724789610-0
                                                                                                                                                                                                                            • Opcode ID: becedf6c97f6cc13a09d6f83ec1c623f1427e11ad7c04031ab3240e243e0b25a
                                                                                                                                                                                                                            • Instruction ID: 78e22299f46a7c240b15717ce0669bb2eb80dea8927126f602ce6865edf32e35
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: becedf6c97f6cc13a09d6f83ec1c623f1427e11ad7c04031ab3240e243e0b25a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52E0C2336407029BD700DB30EC57E993356EB5534B706C428E209C1071EAAA94109A10

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 169 74c570-74c57c 170 74c585-74c597 call 74f990 RtlFreeHeap 169->170 171 74c583-74c584 169->171
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(?,00000000,?,0074E0F9), ref: 0074C590
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3298025750-0
                                                                                                                                                                                                                            • Opcode ID: 13458899ce877f6d41bb6b9e70bb0ea452d03e2344dd36eed7e59fa563d1b325
                                                                                                                                                                                                                            • Instruction ID: 19bcae45da3ec5de8e2b22b926016dc599c3693ae7ea0a159e9478a443471738
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 13458899ce877f6d41bb6b9e70bb0ea452d03e2344dd36eed7e59fa563d1b325
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C7D0C931419622FBC6502F28FC05BC73A58DF49221F074891F504AA175C7A9EC91CAD4

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 175 74c55c-74c568 RtlAllocateHeap
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(?,00000000), ref: 0074C561
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                            • Opcode ID: 67702ac6f166d66f5c3684f413581810211c2e47d393229444460ec4994bb289
                                                                                                                                                                                                                            • Instruction ID: 24cf5a0a8182e0c8e7b3800d13d98a97679756a659811437f79ac04dce0f6c67
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 67702ac6f166d66f5c3684f413581810211c2e47d393229444460ec4994bb289
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EFA001711856109ADA962B24FC09B847A21AB58621F128191E102594F686A5D8929A89
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualAlloc.KERNELBASE(00000000), ref: 00769565
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                                                                                            • Opcode ID: 9d256702202b9401f3fb6683e0feee399627d7c62e2bd8b3174cb603ce82241d
                                                                                                                                                                                                                            • Instruction ID: 11f2532c590881eb95f9c7c9712daa9816c667c0249ea46adb2531c1046277b0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d256702202b9401f3fb6683e0feee399627d7c62e2bd8b3174cb603ce82241d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F1F022B95087048BE600DF2AC8440AEBBE8EBC93A0F21861EE986C2794DA358C01C652
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Uninitialize
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3861434553-0
                                                                                                                                                                                                                            • Opcode ID: 62aa2c5a56ace25f681121ea071a5503d1499486d76d7902267b0ba3ef685253
                                                                                                                                                                                                                            • Instruction ID: f99d35119e1fc89a22f943a606706a268bd027e3de6d24cfab6c97a9d2da3705
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 62aa2c5a56ace25f681121ea071a5503d1499486d76d7902267b0ba3ef685253
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 88C0803566D500C7D308D3349D774B731168FC7745314E819C50749356E6F8B5454648
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualAlloc.KERNELBASE(00000000), ref: 0076A500
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                                                                                            • Opcode ID: 20e893e232ad91ccd7befcdf415d854da534011d92b4fde877852c54e38465b5
                                                                                                                                                                                                                            • Instruction ID: f2ac447939a1fca468b7d4aaeee4f0c2300f9c7f3d133799460a174a8375e9d7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 20e893e232ad91ccd7befcdf415d854da534011d92b4fde877852c54e38465b5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C9E026B58089A4EFD3001F508D49ABDBBE4DB94342F26002CEC86A7700D6710C44DB8E
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 007343AA
                                                                                                                                                                                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 0073443E
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                            • String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$REs$Xs$bFs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                                                                            • API String ID: 237503144-3797150303
                                                                                                                                                                                                                            • Opcode ID: 10e063f5baedc3aa7b13abd45638d55a0b965188873eb3e3561df9f8390d53be
                                                                                                                                                                                                                            • Instruction ID: a203afd88c2d3f2bd2e1fb28578f3e37fe3f1e8b29a7ea9531460c7b516fc731
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 10e063f5baedc3aa7b13abd45638d55a0b965188873eb3e3561df9f8390d53be
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9AC20CB560D3848AE334CF14D4527DFBAF2FB82300F00892DD5E96B255D7B5864A8B9B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$REs$Xs$bFs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                                                                            • API String ID: 0-2132951268
                                                                                                                                                                                                                            • Opcode ID: b2df4a121ee390a6a46833e13651bb214e1f6466b40c336cc25018be349df095
                                                                                                                                                                                                                            • Instruction ID: de20c4929eb2cbb3166dc504cc47b61aa9b7d44647c1e35b66bc997cd2294771
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b2df4a121ee390a6a46833e13651bb214e1f6466b40c336cc25018be349df095
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2BC20CB560C3848AE334CF54D852BDFBAF2FB82300F00892DD5E96B255D7B546498B9B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
                                                                                                                                                                                                                            • API String ID: 0-2746398225
                                                                                                                                                                                                                            • Opcode ID: 5e4afb874647b0b591da725045af445a19a252c7bc9303d41fe06c9894609aa1
                                                                                                                                                                                                                            • Instruction ID: 7ef1b711995245b203f8a1a7490d9eed30cc0a611282ff56b672d3c28e61cbfe
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e4afb874647b0b591da725045af445a19a252c7bc9303d41fe06c9894609aa1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E64215B2608360CFC7248F28E8957ABB7E2FBD5315F19853DD4D987256DB389805CB42
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: (;$1,k$Aw$v}k${moV$aWu$rzo$j/
                                                                                                                                                                                                                            • API String ID: 0-2827995591
                                                                                                                                                                                                                            • Opcode ID: 5877b3a79f043360249885d04812b354a3fe817d5f848012af29f93d02dfdfc4
                                                                                                                                                                                                                            • Instruction ID: 5112f468420b77b18e0c897c59d281a0b95c1a8b3e12c19a79a724172728a564
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5877b3a79f043360249885d04812b354a3fe817d5f848012af29f93d02dfdfc4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 80A2E6F360C2009FE304AE2DEC8567ABBE9EF94720F1A493DE6C4C7744E63598458697
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: _^]\
                                                                                                                                                                                                                            • API String ID: 0-3116432788
                                                                                                                                                                                                                            • Opcode ID: 8a90116f388e396e3aa89033bc2a92c6deed6a5551d40ea5dcb14f7503d8411f
                                                                                                                                                                                                                            • Instruction ID: 64ebe424fd6bb7a5aee8cc0361fcfc5c4e225ca0c792d460a916d8592d48b7c4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8a90116f388e396e3aa89033bc2a92c6deed6a5551d40ea5dcb14f7503d8411f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1082287150C3618BC728CF28D8917ABB7E1FFC9314F198A6CE8D59B2A5E7389805C752
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 007384BD
                                                                                                                                                                                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 007385B4
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                            • String ID: LF7Y$_^]\
                                                                                                                                                                                                                            • API String ID: 237503144-3688711800
                                                                                                                                                                                                                            • Opcode ID: 8df8f92b3e102f3d6221bbaabf1be6be2ed33a0618baa47d96d7de1cec98a605
                                                                                                                                                                                                                            • Instruction ID: ec6382549d2e444f5a41a90ae0ede5b76a297f8e3c8e4666b6e4105aa90e942e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8df8f92b3e102f3d6221bbaabf1be6be2ed33a0618baa47d96d7de1cec98a605
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72222271908341CFE3288F28E88076FB7E2FF85311F198A6CF995572A2D7799901CB52
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 007384BD
                                                                                                                                                                                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 007385B4
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                            • String ID: LF7Y$_^]\
                                                                                                                                                                                                                            • API String ID: 237503144-3688711800
                                                                                                                                                                                                                            • Opcode ID: 511f653bebee257011d267c9a40629b728b86d5201c14b74eae82809f5911f0d
                                                                                                                                                                                                                            • Instruction ID: 85b836ad9f48f59499859e0df6df44f0a6dda05193239ac5f1c9c66593eaaa35
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 511f653bebee257011d267c9a40629b728b86d5201c14b74eae82809f5911f0d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 99121171908381CFE3248F28D88075BBBE1FF89311F198A6CE999573A2D779D941CB52
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
                                                                                                                                                                                                                            • API String ID: 0-1171452581
                                                                                                                                                                                                                            • Opcode ID: b8c2230a91ef7b039f22eca94549ddc4931b9a8a41d096fdab6e484bd1dffe1b
                                                                                                                                                                                                                            • Instruction ID: 00285fb339859bb9b6cc1dc63c1ba81de74a009cfd92c952cd17fff7b481a0c6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b8c2230a91ef7b039f22eca94549ddc4931b9a8a41d096fdab6e484bd1dffe1b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC91F2B16083009BE714DF24C892B67B7F5EF95764F18842CF9898B293E379E906C752
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: 2h?n$7$SP$^`/4$gfff
                                                                                                                                                                                                                            • API String ID: 0-3257051659
                                                                                                                                                                                                                            • Opcode ID: 572c154cf57ad1c36bdcd365521056e1a87690df1ad572438622fe26aadcc02e
                                                                                                                                                                                                                            • Instruction ID: 75b4b52ad30aa151ffbe0dc0256403faa4252058b2deb7a1c0766f9382c4dfdf
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 572c154cf57ad1c36bdcd365521056e1a87690df1ad572438622fe26aadcc02e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5AA13572A153608BD354CF28D8517AFB7E2FBC4314F59CA3DD485D7292EA3D89068782
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: FJ_$*:7\$K9@=$gkM
                                                                                                                                                                                                                            • API String ID: 0-447829758
                                                                                                                                                                                                                            • Opcode ID: 322e21fdff14ac2636e4eff423322f7dff672b727924446be7ccf8a800f85708
                                                                                                                                                                                                                            • Instruction ID: 43780b643992050d3f257d417241f80c1d222fa96c9ee5ed44857f3277f7f0be
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 322e21fdff14ac2636e4eff423322f7dff672b727924446be7ccf8a800f85708
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 136218F360C204AFE3046E29EC8567AFBE9EFD4760F1A453DE6C4C7740E93598058696
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: %H+$*D@$t$?$76y
                                                                                                                                                                                                                            • API String ID: 0-2405957494
                                                                                                                                                                                                                            • Opcode ID: d11a04ec4f36b158785d3c8c36b3bcc14b5dc73a79901697404caf8eead0f812
                                                                                                                                                                                                                            • Instruction ID: 5664de236a39c99a70581f77b1d6e2dc2552a826ce8353683f5cdc5bae710d1b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d11a04ec4f36b158785d3c8c36b3bcc14b5dc73a79901697404caf8eead0f812
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F02E2B3F142244BF3404D69DC983A6B6D2EB94320F2B8638DE88A77C5D97E9D0587C5
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00739170
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                            • String ID: M/($M/(
                                                                                                                                                                                                                            • API String ID: 237503144-1710806632
                                                                                                                                                                                                                            • Opcode ID: 10ba08dc3dbca170d5fca0582b519b586efbe81a11d662feced4652405f20742
                                                                                                                                                                                                                            • Instruction ID: 599ec61d2c7e902a644b14105348b3ed6a944ca061abd60afbaeb8146ac55f14
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 10ba08dc3dbca170d5fca0582b519b586efbe81a11d662feced4652405f20742
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2521017165C3515BE714CE34988179BB7AAEBC2700F01892CA091AB1C5D679880B8756
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: #GyK$d]{z$kG{?
                                                                                                                                                                                                                            • API String ID: 0-4128785945
                                                                                                                                                                                                                            • Opcode ID: 5e2a5c23d22a758b5bc2cd78e4065b59cee81b4adfb24926440441ef8304d85e
                                                                                                                                                                                                                            • Instruction ID: 09051f28fddea9dd46f515aca1da2c398d61f67abe804c3f4e9298ca5cae2391
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e2a5c23d22a758b5bc2cd78e4065b59cee81b4adfb24926440441ef8304d85e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9302E1B3F152144BF3444E39DC94366B692EBD4320F2F863D9A889B7C5E93D9D0A8385
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: .txt$<\hX$_^]\
                                                                                                                                                                                                                            • API String ID: 0-3117400391
                                                                                                                                                                                                                            • Opcode ID: 6c9a6be2df8f6da7f85f639820c2ad104b51d40c40e3ecd8949490b483378a13
                                                                                                                                                                                                                            • Instruction ID: bf3f867c0e17ccc7abd609e531931e5fc9ce014b6ef68d5d6278a1faf7961aa4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c9a6be2df8f6da7f85f639820c2ad104b51d40c40e3ecd8949490b483378a13
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A6C1147150C340EFE708DF28E8526ABBBE6AF85311F088A6CF4D547292D7799946CB12
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: [V$bh
                                                                                                                                                                                                                            • API String ID: 0-2174178241
                                                                                                                                                                                                                            • Opcode ID: 28fe969c2ed000bd7d3a8d413113a8880a62b6b4d4ca8b199b9fc099b3175943
                                                                                                                                                                                                                            • Instruction ID: 758c89b2d0ddb23337b8a93ac7f647fd208afd055aa4f40a165d675cc35d559c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 28fe969c2ed000bd7d3a8d413113a8880a62b6b4d4ca8b199b9fc099b3175943
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC3235B1901725CBCB34CF29C8916B7B7B1FF95310F298258D8969B394E738AD42CB91
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: *B45$:)>>
                                                                                                                                                                                                                            • API String ID: 0-2384078052
                                                                                                                                                                                                                            • Opcode ID: b38166088b15351383c9851b9e508c899ccd90a78c2f96175d2fe8f28e64b69e
                                                                                                                                                                                                                            • Instruction ID: ce6d3689c8e6e32ed9b7f78f75345804f3b009bf7ff8a1f2b15e1d19fee27e61
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b38166088b15351383c9851b9e508c899ccd90a78c2f96175d2fe8f28e64b69e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5F1CDF3E142204BF3545E69EC98366B6D2EB94320F2F453D8E88A73C1E97E5D058786
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: )$IEND
                                                                                                                                                                                                                            • API String ID: 0-707183367
                                                                                                                                                                                                                            • Opcode ID: f5c15a44183c1e779059ec659acc9366ff81da3179ce45a11ac0d5111c18f1ca
                                                                                                                                                                                                                            • Instruction ID: e39451756b1a7a9c78c9c0306c37659a9b81d31fc27afad51c9fd1f326b9d891
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f5c15a44183c1e779059ec659acc9366ff81da3179ce45a11ac0d5111c18f1ca
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A1D1C1B1508344DFD720CF18D845B9BBBE4AB94308F14492DF9999B3C2D379E989CB92
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                             • Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: *$d
                                                                                                                                                                                                                            • API String ID: 0-1907121859
                                                                                                                                                                                                                            • Opcode ID: 9ecfa821c9fc88f393bfaaf29cb106caa3ecdf813df87251ce30ba09c2cdcbaf
                                                                                                                                                                                                                            • Instruction ID: 73e27646e11dd2b2e7ddd9baa157d8a2362666545c243e7eecf82ad260d2245f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9ecfa821c9fc88f393bfaaf29cb106caa3ecdf813df87251ce30ba09c2cdcbaf
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 908180B3F216154BF3588D39DC483613683E7D5325F2A823C8A988B7D9D97D9D4A4348
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: 7v|5
                                                                                                                                                                                                                            • API String ID: 0-3388864831
                                                                                                                                                                                                                            • Opcode ID: ed36e977e08d6374c33157ccec87e3dcd893640546e91416fddc23a0f750c182
                                                                                                                                                                                                                            • Instruction ID: 6fb3356fc975d563b0bb90c28971462851d9548528ef6d47f685ad3cf5718ca8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ed36e977e08d6374c33157ccec87e3dcd893640546e91416fddc23a0f750c182
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A02EDF3E146214BF3485D38DC98366B692EB94320F2B863C9F88977C5E97E9D058385
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: Q=
                                                                                                                                                                                                                            • API String ID: 0-1133568877
                                                                                                                                                                                                                            • Opcode ID: 6bc3fe30760e7b2dfac8d5246b27a36829327ad642d8631aac3a0b37bbfd25d9
                                                                                                                                                                                                                            • Instruction ID: 94adfe10730c4efec35621276430e2008e62818b5aab3199ec690bb997408d08
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6bc3fe30760e7b2dfac8d5246b27a36829327ad642d8631aac3a0b37bbfd25d9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4902D0B3F102244BF3445E29CC953AAB692EB94310F1B853DCE88A77C5D97E9D0587C5
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: 1/n
                                                                                                                                                                                                                            • API String ID: 0-3839975960
                                                                                                                                                                                                                            • Opcode ID: 27d65d98328c68238f7e3ec53bb5d8c166f4e2c8e0edef619ad60c0c3a281500
                                                                                                                                                                                                                            • Instruction ID: af5eccddab65b86c61a4e2c6377ab8ab1cc739ea07b1a66160d5005cb2180349
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 27d65d98328c68238f7e3ec53bb5d8c166f4e2c8e0edef619ad60c0c3a281500
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28F1B1B3E156244BF3544939CC98362B693DBD4324F2F82398A98AB7C9DD7E5D0683C4
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: {uf
                                                                                                                                                                                                                            • API String ID: 0-2237845273
                                                                                                                                                                                                                            • Opcode ID: 641a11b509ebec8000f8f6797f3b1d030daa593a85c4c573fce5fbbc878f6c56
                                                                                                                                                                                                                            • Instruction ID: 176267a09c80cf98c4754f259fc4af18b87b050eb034e93fb95ff48ab46d3e0a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 641a11b509ebec8000f8f6797f3b1d030daa593a85c4c573fce5fbbc878f6c56
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B8F1D2B3F142204BF3585D38DCA8366B696DB95320F2B423CCE89AB7C4D97E5D098385
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: @Rs{
                                                                                                                                                                                                                            • API String ID: 0-380501886
                                                                                                                                                                                                                            • Opcode ID: 4d248a141683a775fc40207776c1c6ae403d095413e91abcf1f993ecfdc265f0
                                                                                                                                                                                                                            • Instruction ID: 61ea20db45cfd9b36f951eacaffa6f359d707ac7c516f8c24a87521d43822f81
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d248a141683a775fc40207776c1c6ae403d095413e91abcf1f993ecfdc265f0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2DF1E0F3E142204BF3445E29DC98366B692EBD4320F2F863D9E88A73C5E97E5D058385
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: 3-/n
                                                                                                                                                                                                                            • API String ID: 0-1264134610
                                                                                                                                                                                                                            • Opcode ID: fb65f87d8d91ac2acc60a0e2a38a8ef79cc91588f392b6d88a7766c765aafcb6
                                                                                                                                                                                                                            • Instruction ID: 5a44a369d4c93d9adb3e5ecd2b81b28e9114cc1628643ba620e286a3bd06c341
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fb65f87d8d91ac2acc60a0e2a38a8ef79cc91588f392b6d88a7766c765aafcb6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 80E1CCF3F142144BF3445D29DC9836AB692EBD4320F2A823C8F885B7C9E97E5D098385
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: UZ5
                                                                                                                                                                                                                            • API String ID: 0-2948504167
                                                                                                                                                                                                                            • Opcode ID: 479b87fba28dedac3dd443e69c337bb668308166ce15a6d53fa7b9bfcb3f7946
                                                                                                                                                                                                                            • Instruction ID: 73721c9b1848345ffe46d524c8c74c85ec95dd9443579fce1bbae02966166e47
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 479b87fba28dedac3dd443e69c337bb668308166ce15a6d53fa7b9bfcb3f7946
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2ED1CEB3E042244BF3145E29DC9436AB696EBD4320F2F853DDE88A77C4E93D9D098385
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(1A11171A), ref: 0073D2A4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3664257935-0
                                                                                                                                                                                                                            • Opcode ID: 6700e1221705639f3d567caa56436ce6fa79c0d2959a18ee9b12812bd58868cd
                                                                                                                                                                                                                            • Instruction ID: 9a7997f53eb1d99f0f984aa245cb42808052fa5d899b0888df3a32457ec2acd9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6700e1221705639f3d567caa56436ce6fa79c0d2959a18ee9b12812bd58868cd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6841D0706043829BE3258B38D9A0B63BBA1FF57314F28868CE5D64B393D72998568B51
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: ><+
                                                                                                                                                                                                                            • API String ID: 0-2918635699
                                                                                                                                                                                                                            • Opcode ID: 6631b3b6d5b14664f0f1f9b35df877988a8514537f67335a1934aa9dd8563f7a
                                                                                                                                                                                                                            • Instruction ID: 8d1f78233494188d8aa5d023dc45994e2ed3ae0ff0dbd369d65c5ab602e1a341
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6631b3b6d5b14664f0f1f9b35df877988a8514537f67335a1934aa9dd8563f7a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 87C1B0756047428FE725CF2AD490762FBE2BF9A310F28859DC4DA8B752D739E806CB50
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: "
                                                                                                                                                                                                                            • API String ID: 0-123907689
                                                                                                                                                                                                                            • Opcode ID: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                                                                                                                                                                                            • Instruction ID: d1d9339cc0ea250e6373ce457218b1fc8a6065773acc10e461ec40883914e4ba
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a481a20cd818ae86bd77ddd76c28e78242e6649cf267746c47876947a36422a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 96C10AB2A083149FE725CE24C49576BB7E9AF84310F19892DE69587383E73CED44C792
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: 2
                                                                                                                                                                                                                            • API String ID: 0-450215437
                                                                                                                                                                                                                            • Opcode ID: 02648d62aa5155dd7221100698f65fca37c96b6b7b77d28eb0426f93d83af8d9
                                                                                                                                                                                                                            • Instruction ID: 5cee63ff4f6086afdf7a1d6b8c67742bb9e7fe54d879cccabbdf0c2863e14cda
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 02648d62aa5155dd7221100698f65fca37c96b6b7b77d28eb0426f93d83af8d9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 29D159F3F1152547F3984839CC683A6258397A4324F2F42388F5EAB7C6EC7E5E0A5284
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: 1+&i
                                                                                                                                                                                                                            • API String ID: 0-2860233473
                                                                                                                                                                                                                            • Opcode ID: b9ae00deb27b7d009926cbe68cd79f4e8ffd8bdf19a94fc5dde8b0e209cf15ca
                                                                                                                                                                                                                            • Instruction ID: 3881671fe5bc79d519c4f8d01fc9e82799c9f87f537b135602e9c96989344f77
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b9ae00deb27b7d009926cbe68cd79f4e8ffd8bdf19a94fc5dde8b0e209cf15ca
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BEB19BB3F1062147F3984C39CCA83626583DB95320F2F827C8E59AB7D9D97E5D0A5384
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: ;;j[
                                                                                                                                                                                                                            • API String ID: 0-1308336540
                                                                                                                                                                                                                            • Opcode ID: db6cf4520b0bbaf466ba3ea331bee73850249062294d1fc2591ceffe80b9a358
                                                                                                                                                                                                                            • Instruction ID: 18f848c8db7d3cc4976b05d33e8265fc8845b500c4d40f0977c2a9509f34f552
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: db6cf4520b0bbaf466ba3ea331bee73850249062294d1fc2591ceffe80b9a358
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49A17DB7F1122507F3844878CDA83626593DBD5321F2F81398B496BBC9DC7D9E0A5384
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: !
                                                                                                                                                                                                                            • API String ID: 0-2657877971
                                                                                                                                                                                                                            • Opcode ID: 701431a64c3078382bdbc89f59340e52602b8e483b06eb6748056041bcc70b99
                                                                                                                                                                                                                            • Instruction ID: 72867a18a87e88e1ff7972224c5b04054c17b809f1a26fe661c83b5fff32feb3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 701431a64c3078382bdbc89f59340e52602b8e483b06eb6748056041bcc70b99
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C7A167F3F1062447F3584939CDA836566839BE5324F2F82788F9DAB3C5D87E5D0A4284
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                            • String ID: _^]\
                                                                                                                                                                                                                            • API String ID: 2994545307-3116432788
                                                                                                                                                                                                                            • Opcode ID: 395f04bc01ab7ad82666dac6aca12e679c5bc50a59c55c0b2e1752b10732c848
                                                                                                                                                                                                                            • Instruction ID: a2ba85355e8e07ce85ead0f29c06ab72d381e9de1577d0b877d395ad7f6d1897
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 395f04bc01ab7ad82666dac6aca12e679c5bc50a59c55c0b2e1752b10732c848
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E7117F1A083049BE72C9A28DC93B7BB6A5EF85314F18853CE48687293E27CDC05C756
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: h_7
                                                                                                                                                                                                                            • API String ID: 0-3892674426
                                                                                                                                                                                                                            • Opcode ID: 6595370ab4865d7c61ec3d6c81c18c366871ed55ec8126895a0968f9b8a80986
                                                                                                                                                                                                                            • Instruction ID: 191265bd1cced90b0857e707428d03ca8092d8851f663c9ab348744fcb07bc94
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6595370ab4865d7c61ec3d6c81c18c366871ed55ec8126895a0968f9b8a80986
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C68191B3F5162107F3544879CD983A26583DBD5324F2F82788E5CABBCAD8BE5D0A5384
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: x|*H
                                                                                                                                                                                                                            • API String ID: 0-3309880273
                                                                                                                                                                                                                            • Opcode ID: de9e02eed0e07418982c8ce4702063e7947cb039dc48af1748f43197775131c7
                                                                                                                                                                                                                            • Instruction ID: 1550c38f49625a256e343418c0dd0f30349e06bc4bc69c35f72b5c3dfcf90481
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: de9e02eed0e07418982c8ce4702063e7947cb039dc48af1748f43197775131c7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 317106706047928FE72ACF39C4A0722BBD2AF56305F18C4ADD4D79B797D63998058710
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: LYo
                                                                                                                                                                                                                            • API String ID: 0-3836473094
                                                                                                                                                                                                                            • Opcode ID: fc7cf71e8ace076f6a2997a9833a552cb909a9b414f7eb6d86851b98c644782b
                                                                                                                                                                                                                            • Instruction ID: 19c459bdf3ea94994fb96c8e4e805fc8ce4ce6b94c7d77f080f8e4b26387c499
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fc7cf71e8ace076f6a2997a9833a552cb909a9b414f7eb6d86851b98c644782b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4481BDB7F502254BF3944D69CC983A17293DB95310F2F417C8E48AB3C5DA7E6D0A9384
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: vkV`
                                                                                                                                                                                                                            • API String ID: 0-2327944983
                                                                                                                                                                                                                            • Opcode ID: 1db816bff501cca8845ab4437aa7edc91c8a987363d877628056363b280d02c0
                                                                                                                                                                                                                            • Instruction ID: 9378e530b12179454817ff0b0e2a8023ec2d6909aeb7d03c33078b4fe671936f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1db816bff501cca8845ab4437aa7edc91c8a987363d877628056363b280d02c0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4381A0F3F502244BF3544968CD983A17693D795354F2F82388E48AB7C5E9BE5E0A53C4
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: g
                                                                                                                                                                                                                            • API String ID: 0-30677878
                                                                                                                                                                                                                            • Opcode ID: a34614bb21cff86509f45cc455fc7afb25f7e20d8e181bc1ccdcaa52a4783a99
                                                                                                                                                                                                                            • Instruction ID: cdc20c8185e5ec4a6626650d61a1e592b97eae45bb693312d723f8acc0cd622f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a34614bb21cff86509f45cc455fc7afb25f7e20d8e181bc1ccdcaa52a4783a99
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 30818CB3F6162147F3988879CD993A265839BD4314F2F82388F59ABBC5DC7D4E095284
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: _^]\
                                                                                                                                                                                                                            • API String ID: 0-3116432788
                                                                                                                                                                                                                            • Opcode ID: 770c4d967f6774c04132bfb4039eb2c0818c02fad0e6581e34502c13051274bf
                                                                                                                                                                                                                            • Instruction ID: 968ca31046417c92a52c8adf3e9d9e50109704a9000859a6e0d6d2cf27d64df8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 770c4d967f6774c04132bfb4039eb2c0818c02fad0e6581e34502c13051274bf
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A5104703407109FC7348B18D8E06B6B7E1EB5A715758C92CD9A7876A2C2B9FC82CF55
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: N&
                                                                                                                                                                                                                            • API String ID: 0-3274356042
                                                                                                                                                                                                                            • Opcode ID: caef9f07cd51f81f13463f2c251824c8d17607affc531c657cc61428df5b8e66
                                                                                                                                                                                                                            • Instruction ID: 881b472e74d0438c390e8f455cb2be6456e0d594816d031e79293c2ce4777f3a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: caef9f07cd51f81f13463f2c251824c8d17607affc531c657cc61428df5b8e66
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7851F665614B804BE72ACB3A88513B7BBD3ABDB310F5C969DC4D7D7686CA3CE4068710
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: _aH>
                                                                                                                                                                                                                            • API String ID: 0-50248025
                                                                                                                                                                                                                            • Opcode ID: 1cc98971b1f96a377267d42d05cdddad0e176128eaa380f266e70656cd8425d3
                                                                                                                                                                                                                            • Instruction ID: cc413d4d381eac143af9d7e208efe32b568429b7bd7032f51bdba7057ad0c070
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1cc98971b1f96a377267d42d05cdddad0e176128eaa380f266e70656cd8425d3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7B71D0B3F102244BF3444D28CDA83A13653DBD5324F2F42788E496B7D5D97E5E0A9384
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: N
                                                                                                                                                                                                                            • API String ID: 0-1130791706
                                                                                                                                                                                                                            • Opcode ID: 81ed556c4054af957765a9bc660840093b98d53f83da3456e3ae35a4c627e307
                                                                                                                                                                                                                            • Instruction ID: c5d8fdf98d466daac6cf446b162de6c713bceed5fc6550200bda0a108f66935a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 81ed556c4054af957765a9bc660840093b98d53f83da3456e3ae35a4c627e307
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9871A6B3F5022447F3844D38CD983A13692DB95310F2F817C8E599B7D5D97EAE09A384
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: N&
                                                                                                                                                                                                                            • API String ID: 0-3274356042
                                                                                                                                                                                                                            • Opcode ID: 61804aa1e04f41684d0908dd8eeda824810db471e4ecf56f8f0160ece7f6e7a9
                                                                                                                                                                                                                            • Instruction ID: 862ff5e6e5a07fcae1976b6fe04a9712a32338f5a5d415160b808c86e5327a79
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 61804aa1e04f41684d0908dd8eeda824810db471e4ecf56f8f0160ece7f6e7a9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0510865615B804AE72ACB3A88513B37BD3BF9B310F5C969DC4D7DBA87CA3C94028711
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: |
                                                                                                                                                                                                                            • API String ID: 0-2343686810
                                                                                                                                                                                                                            • Opcode ID: 7fc2008a0de0dafb4fb3c128cded590178cb8b89d1b1c4136a8ae6bbac623e90
                                                                                                                                                                                                                            • Instruction ID: 936a978a3846c3185fc069a4d9781716af750fc5bbf00a32833c37c7592ae4bc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7fc2008a0de0dafb4fb3c128cded590178cb8b89d1b1c4136a8ae6bbac623e90
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8F519EB3F111254BF3548838CD983A13553DBD5314F2F823C8A5DABBD9D93E6E0A6284
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: J
                                                                                                                                                                                                                            • API String ID: 0-1141589763
                                                                                                                                                                                                                            • Opcode ID: 43055da8aafb36de3adf8314700af42439eaba7cdb1d16cb536f78e6700e93fd
                                                                                                                                                                                                                            • Instruction ID: 197afef78d82b107f983a643f95b30c1d7806f18567a90dd10ff8e58d6532eeb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 43055da8aafb36de3adf8314700af42439eaba7cdb1d16cb536f78e6700e93fd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 445158F3F1152047F3584929CCA83616693ABE5324F2F813D8B5DAB7D4DD7E9E0A4288
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                            • API String ID: 0-2766056989
                                                                                                                                                                                                                            • Opcode ID: 4bdeb3adde8527b483e993d2f73508404986d2f3f01253100b70a64950b70321
                                                                                                                                                                                                                            • Instruction ID: b81b1aee176f8f62cb76736239ab3f9e6cce665ce2a6350e7ad96af04acf98fa
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4bdeb3adde8527b483e993d2f73508404986d2f3f01253100b70a64950b70321
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 714114B16043109BD714CF14CC557BBBBA1FFD5356F488A2CE9855B2A0E3B99908C782
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: AB@|
                                                                                                                                                                                                                            • API String ID: 0-3627600888
                                                                                                                                                                                                                            • Opcode ID: 01b69ce726721080615d06eb834ac55be33cbaa772420fc69182ce7db9f769ab
                                                                                                                                                                                                                            • Instruction ID: 933e58a01bbb06143d37490b27fe17e30b33287c3aff70f8242e57c5f2e5be55
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 01b69ce726721080615d06eb834ac55be33cbaa772420fc69182ce7db9f769ab
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E241F2711047928FD7228F39C8507A2BBE2FB97310F189698C0D29B297C738E855CB50
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: _^]\
                                                                                                                                                                                                                            • API String ID: 0-3116432788
                                                                                                                                                                                                                            • Opcode ID: 353f4e6f271d017d2611cf7b677ddda20817a21e5d3d801f73973bd6ab6ae3cf
                                                                                                                                                                                                                            • Instruction ID: 2943f0ea2399e129a8323e7037d62fb145d992ec0f7ec8c1f4689c59a8ff9200
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 353f4e6f271d017d2611cf7b677ddda20817a21e5d3d801f73973bd6ab6ae3cf
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 92213C706083009BEB6D8B34C891A7BB3A3FB95314F38563CE153127A3CB7D9801868B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                            • API String ID: 2994545307-2766056989
                                                                                                                                                                                                                            • Opcode ID: f9d82cf59aaa52d05a4d2018a2d95a2e8150e6e18500e3f8e4c89064b75e9467
                                                                                                                                                                                                                            • Instruction ID: d337f1290e752363b6fbdca65473c289cc90a2fc426c226da064c62b9bd646c3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f9d82cf59aaa52d05a4d2018a2d95a2e8150e6e18500e3f8e4c89064b75e9467
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC31E1715083449BC314DF58D8D26BFBBE4FBC6324F18893CEA9987290D7799848CB96
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: c40a070a78cb1e9652c1a3170986193d1a63448de9bb313249ed89f170bfdf6c
                                                                                                                                                                                                                            • Instruction ID: f6fec17a726596cb0de484a324a441a381f43f4e3a38e516385b39a304536025
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c40a070a78cb1e9652c1a3170986193d1a63448de9bb313249ed89f170bfdf6c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A62B4F1511B019FD3A0CF29C881793BBE9EB89311F14892EE5AAD7311CBB46505CFA6
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                                                                                                                                                                                            • Instruction ID: d41a5e4ad31ce2a2d303b8529af8024a6ca591f44e1bd4c59455b950448a5cbc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e797157fb35717b6a91bbe19d3c6782b16ec68ef1e5ad1ec3f47f605a4e618f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4322A171A0C7118BC729DF1CD8806EBB3F2EFC4315F19892DD98697285D738A995CB82
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 4dae2199006146ce3a1a711c81624f52a98a6fedcbed430f264a46f6449ec667
                                                                                                                                                                                                                            • Instruction ID: 9fbcebd3cd734b2decc4e415d12aff466b1d4e8d1b53171d264eff4c669592aa
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4dae2199006146ce3a1a711c81624f52a98a6fedcbed430f264a46f6449ec667
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B1257B3E119250BF7640879CD583A15A8357A5324F2F827C8E9CBB7D2D8BE4D4A43C4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 368e3bd7e27b09bb80ca0296679f4f042eeed5f27e5479f61da18d0156229834
                                                                                                                                                                                                                            • Instruction ID: 21365d918c1b1fa52d71d77013195ca4b9857fec6ac6bde0b0e1c1b702f81cb6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 368e3bd7e27b09bb80ca0296679f4f042eeed5f27e5479f61da18d0156229834
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52F1BFB3F141114BF3485E28CC99376B696EBD4320F2B863D9B899B7C4D93E9D098385
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: dde1c7949c366414d7579777b5dcbcd7ad380be700b18edc876d6e824049eb32
                                                                                                                                                                                                                            • Instruction ID: 493f610eb5a2961626ed681781c5c25fe40627b56818e11cc617fe4430660241
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dde1c7949c366414d7579777b5dcbcd7ad380be700b18edc876d6e824049eb32
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EEF1E2F3F112244BF3544979DD88366BA97DBD4320F2B82398B88977C8E97E5D098384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: f4d07b828daf31df950445235b1f5ecc5fa81ce4147aa5310bbc71a93545dd0d
                                                                                                                                                                                                                            • Instruction ID: dcb2c9e347909bec345400e47fde44d1ecc17a5d863692b8274026c469518abd
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f4d07b828daf31df950445235b1f5ecc5fa81ce4147aa5310bbc71a93545dd0d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 15E1E2F3E052148BF3449E29DC98366B792EBD4320F1B863CDA88977C4D9796D098786
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 7a44f3c348170f82ac4429f8aec3fae90d5d8d0413f3603adbe81928d6d5c279
                                                                                                                                                                                                                            • Instruction ID: ca19d0e85a434be6a6320bd4b1f8260b27ad27ca882cda44a072f1cf3cef55aa
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7a44f3c348170f82ac4429f8aec3fae90d5d8d0413f3603adbe81928d6d5c279
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3DE1B0F3E142208BF3445E28DC95366B6E2EB94720F2B453CDAC8977C4EA7D9D058786
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: c42f0c2f838d2500e97ba720764a3f99ee453a9141ad165dee606c9b1c067d6e
                                                                                                                                                                                                                            • Instruction ID: a1f933b10be73900684b865fb8ff58b2ccb380ccde98b6681fa385fe4b42a49d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c42f0c2f838d2500e97ba720764a3f99ee453a9141ad165dee606c9b1c067d6e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 71D1EFB3F012204BF3544D39DD98366B696DBD4320F2F823D9E48AB7C8D93E5D0A8284
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 5326ae51ed5c58af00b6e9f81ed7f198d867979d8453f32b35d59df2299237cf
                                                                                                                                                                                                                            • Instruction ID: d8e696294bc2ecdd75f34564631cb196e22e1e1a0b116f18a7491b1ead3c1f83
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5326ae51ed5c58af00b6e9f81ed7f198d867979d8453f32b35d59df2299237cf
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E6D189F7F512250BF3584839CDA83A62583DBD5314F2F82388E596BBC9DC7E5E0A5284
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 3b2f959e4a08fac779a865f2e1cd23d875bb42ac5073adec51a50c81c7c7306a
                                                                                                                                                                                                                            • Instruction ID: 19b8e38e470db528ea1e716b6dac53e37f6baa606be70808134ba6483d1d1bfb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b2f959e4a08fac779a865f2e1cd23d875bb42ac5073adec51a50c81c7c7306a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0AD1ADB3E1123147F3644978CC98392A6829795324F2F82788F5CBB7C5D9BE9D0A53C4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 6a4848d83d336604f344e7065e9ac178a985729f40c74b853a714e221b1a7ba8
                                                                                                                                                                                                                            • Instruction ID: 35649a35a6b2d1482ade8e4043cde8511125bfe9d992f3ec059f101c358372c2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a4848d83d336604f344e7065e9ac178a985729f40c74b853a714e221b1a7ba8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 34D19CB3F2022147F3584978CD983A16683DB95324F2F42388F58AB7C5D97E9E495388
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
• Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: db7fd14b20c8b05423159bcab0c4b05e6f40e3a4af987c375afd8f6a68c081bb
                                                                                                                                                                                                                            • Instruction ID: 03aea7d1bbf87e4905d15971861252c48268401a769abb8b38548b7cc3c0d50c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: db7fd14b20c8b05423159bcab0c4b05e6f40e3a4af987c375afd8f6a68c081bb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 99D16BB3F102254BF3584978CDA83A27683DB95324F2F82388F59AB7C5D97E9D095384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: e96540b2005b042829a38be6f4f4b6559c011df418cce63cc3813646a56aed66
                                                                                                                                                                                                                            • Instruction ID: 69dbacb639fd80c5f57e345113e979d81ef46207c42144749161a54992fd6cb0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e96540b2005b042829a38be6f4f4b6559c011df418cce63cc3813646a56aed66
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8D1B9B7F112214BF3480D28CC983A66693DBE5315F2F82788F486BBC9E97E5D495384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 478434fd4c43962f3dc875b9bfc0cbcb2445db636edd11f11adf8da383f059ae
                                                                                                                                                                                                                            • Instruction ID: 421141a231b44714e649ed6f0810440c9f38b2e4455df8034d927a7c9f8916f9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 478434fd4c43962f3dc875b9bfc0cbcb2445db636edd11f11adf8da383f059ae
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BCC168B3F1162507F3544979CD98362A683DBE5314F2F82788F08AB7C9DD7E9D0A9284
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 5bb0c63b9bc1793bd94d89f2abff1afbad995dc317cfcf144136e31e58a6874f
                                                                                                                                                                                                                            • Instruction ID: b4b25ac759e66975809ef8c9cb476ac7185318a4ea88f59ba5177ad59f384663
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5bb0c63b9bc1793bd94d89f2abff1afbad995dc317cfcf144136e31e58a6874f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DED18CF3F5122547F3544968DC983A27682DB94320F2F82388F59AB7C5D97E9D0A5384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 775816de8e8bffe6553bbb854719ca611e09bad737618911d375c4e586e72922
                                                                                                                                                                                                                            • Instruction ID: cf08246b7837a50a69902f78f435125a193124974e73eb6e1764b9dbd6d6476b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 775816de8e8bffe6553bbb854719ca611e09bad737618911d375c4e586e72922
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EEC1F3B3F5122247F3544C78CC983A26683DBD5320F2F82788E18ABBD5D97E5D0A9384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 4a88cbfb9476652b74ecbac030a5ac3e22777d6367b888d57a1e59c426d608af
                                                                                                                                                                                                                            • Instruction ID: 38e5e79f4ed2c7302583abc7fb3cf94060ab373a3d6b7736a2b92f7d64609179
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a88cbfb9476652b74ecbac030a5ac3e22777d6367b888d57a1e59c426d608af
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58B11FB3F042204BF3585E2DCC993A6B6D6EB94320F1A453E9B89977C4E97D9C058385
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 77b15dc126ec352d71407970b5100129a053ece0dbb736916f2f3729de408f66
                                                                                                                                                                                                                            • Instruction ID: 9975e4801909f3c75659b0912592077d4375a4285006127175bb5a423dad8d6e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 77b15dc126ec352d71407970b5100129a053ece0dbb736916f2f3729de408f66
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2CC1AFB3F115254BF3944939CD883A266839BD5320F2F82788E5C6BBC9DD7E5D0A5384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 7481cae2c7ab649a6c391f26cd9b19374b1ce52a48dcf5840dc41fc12636b8e0
                                                                                                                                                                                                                            • Instruction ID: 26a9c1483eeb3856f4e31c3de353f1fbe5320499e2c13e9b47cc9182c06e1cc4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7481cae2c7ab649a6c391f26cd9b19374b1ce52a48dcf5840dc41fc12636b8e0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5CC18AB3F0112547F3984D39CCA83A67692EB95310F2B827C8B496B7C4ED7E5D0A9384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 6590b963c84a77fc0d14c7b0f700885853c2460c9aed4df69b21e9f187a22263
                                                                                                                                                                                                                            • Instruction ID: 22e2f620fe3ca0e06c851dfb23af731d80087681cff6ea5e235d56f8f4e95bae
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6590b963c84a77fc0d14c7b0f700885853c2460c9aed4df69b21e9f187a22263
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1BC18CF7F506240BF3944978CDA83A2268297D5324F2F82788F5D6BBC5E87E4D0A5384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            • Instruction ID: 02e9a4d440ade2d9d7aee7f7b3b8e9e70b632004d087dc9be31918da1b8812ff
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1fb56ba7f19b662b7895a0563ccc2db0104781143ff1ed65cdb3013b42e4bf25
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7FB18EB3F1122547F3444E29CCA83A27693EBD5314F2F817C8A496B7C9D97E5D0A9384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 19a52ad3cb6e8faee5750841b28dd7dcd05354f88423c957681fe9f427a1570b
                                                                                                                                                                                                                            • Instruction ID: baea6aaa077d70c7b3dde4c6f4350b7621f44d179894d0a0c4ca51ebdd9c8962
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 19a52ad3cb6e8faee5750841b28dd7dcd05354f88423c957681fe9f427a1570b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16B16CF3F1162547F3544868CD983A26543DBD5324F2F82388F68AB7D6D8BE9D065384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: e07babe1651b6dbafbc195979dfe590a1438a059ab677d447aa5313d3d4fde16
                                                                                                                                                                                                                            • Instruction ID: 6b746aee64d729e1de8bf57607e7f9b3baf7a5810a7c880c6660902a2b63d805
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e07babe1651b6dbafbc195979dfe590a1438a059ab677d447aa5313d3d4fde16
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17B19EB3F112154BF3844D29CC983A17653EBD5324F2F82788E58AB7C5DA7E9E099384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 117dbd7fedafb79eb0e65bd8c4bcc0e459b7413816d74769b3aa4e386c74e73b
                                                                                                                                                                                                                            • Instruction ID: ef1908207741dd48b4e15cfd1813763cd9bc0c875a5fa5245e66b2f6a598834a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 117dbd7fedafb79eb0e65bd8c4bcc0e459b7413816d74769b3aa4e386c74e73b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6AB178F3E1022547F3944979CD983627682EB95314F2F82788F8C6B7C5D97E9E0A5388
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: ee50b6d96c88e1c712db3e94e81a6749662eee4c327a6f30eb7cdca54ec1d0fd
                                                                                                                                                                                                                            • Instruction ID: f0db0b9c900d0b147f36c5ba2f61d5ccef7fed6e99505cf37e21921cb9832c8a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ee50b6d96c88e1c712db3e94e81a6749662eee4c327a6f30eb7cdca54ec1d0fd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C2A1ADB3F112254BF3544D28CC983A27693DBD5314F2F82788E48AB7D9D97E9E099384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: e91145be5f1fdb3c92314706d63b4eb44c851b24f595dd729f4fa680f73a1202
                                                                                                                                                                                                                            • Instruction ID: da32b93ebc2b980e2eedb3b778bb97506ce7757890d454581829768cac27e214
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e91145be5f1fdb3c92314706d63b4eb44c851b24f595dd729f4fa680f73a1202
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C3A190F3F506254BF3844878CDA93A26582D7D5314F2F82798F099B7C6D8BD9E0A5384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 56610793fa870cea849487e464bd8b8adcaa61414f0c8b75366fee738d50fcbb
                                                                                                                                                                                                                            • Instruction ID: 7e7c43c59c990ad522ef6e14fd2f98279a6eca481e21fc0bc6bf60b3be09a5ea
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 56610793fa870cea849487e464bd8b8adcaa61414f0c8b75366fee738d50fcbb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44A1AFF3F216254BF3484939CDA83622693DBE4315F2F81388B099B7DADD7D990A5384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 89f5a502dbf0a865b762b4aaa4ba0460829f436760c69d5bfe2d08eb16b54a32
                                                                                                                                                                                                                            • Instruction ID: e7b26895b02105ae68b54a110acea173e8debe7d2e6ae7adb5f6a13c80371f84
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89f5a502dbf0a865b762b4aaa4ba0460829f436760c69d5bfe2d08eb16b54a32
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FFA16DF7F502250BF3544879DD983626583DBE4314F2F81388F48AB7C6D9BE9D0A5284
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: d1713a90d398ac5407d0220c25286c927d699077ef0b54b8d3c895084ba1a7b1
                                                                                                                                                                                                                            • Instruction ID: 11fe3af92a0375b360112a492ddedd271b4c8c13a52ea147f584248f90d2f604
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1713a90d398ac5407d0220c25286c927d699077ef0b54b8d3c895084ba1a7b1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58A16AF3E1122547F3904939CD9836266939B94324F2F82788E9C6B7C9ED7E5D0A93C4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c5d10cea362e2cf9906c417a222198d842ee387dfbe02742ad2845eb28249e5f
• Instruction ID: 309e26f13c825bbe9f066186d01da1da0f5dceed404efa6e5e35c566cca02312
• Opcode Fuzzy Hash: c5d10cea362e2cf9906c417a222198d842ee387dfbe02742ad2845eb28249e5f
• Instruction Fuzzy Hash: A1A1ADB3F101244BF3544969CC6836272929BD5324F2F827C8E4DAB7D5E97EAD0A93C4
Memory Dump Source
• Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 617b6db7bc324fdb63397e56cb4756272d8b6934af2f91b4f0cd9ccc62614bae
                                                                                                                                                                                                                            • Instruction ID: 8563e1dc499a60b76628b7ebd9b10efa94cfa450f0a99f461616e4fd2d93569d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 617b6db7bc324fdb63397e56cb4756272d8b6934af2f91b4f0cd9ccc62614bae
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2DA18CB3F5022547F3544E28CC983A5B652EB95310F2F82788E8C6B7C5DA7E6E0993C4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: d2a47e21e83a382de3b84938d7fcba921db967e92f9e5356a77c0814d9b7cf1a
                                                                                                                                                                                                                            • Instruction ID: bdbf1d735f343cb38f0c5b4b78c1367550888cfe9be13b8700e108667fae9c86
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d2a47e21e83a382de3b84938d7fcba921db967e92f9e5356a77c0814d9b7cf1a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 06A19BB3F1122547F3544D38CDA83A266829B94320F2F827C8E986B7C9DD7E5D0693C4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 59b6c0427d7ab1a10f1ca2d747f085882c7309e3e7ad1be666e05ed586f74896
                                                                                                                                                                                                                            • Instruction ID: ac7dc9438be8b1f72e1d9e283354477f7d4fb290873d5f2858d3dbb5bd1bd0c4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 59b6c0427d7ab1a10f1ca2d747f085882c7309e3e7ad1be666e05ed586f74896
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 86A1ACF3F112244BF3500939DC983A2658397A4324F2F82788E9C6B7C5E8BE5D4A83C4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 9570f6d4e2127f441dafd00b1b2ee4fa136655596515ab51f542d5f223ddfef6
                                                                                                                                                                                                                            • Instruction ID: c1c592122cb9ce77674ff62f8d8389274962ef77633d89dddb8a5a31a9edd9b6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9570f6d4e2127f441dafd00b1b2ee4fa136655596515ab51f542d5f223ddfef6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D9A18BB3F112250BF3544968CC983627693EB95325F2F81788E48AB7C9E97E5E0A5384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
• Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 96a5e2f77151494ab892877dd2be77072fb245e7f176151a8d4aee8bad55df93
                                                                                                                                                                                                                            • Instruction ID: 33dc38b0f4488ff6f0da9916d330107fb25de1f5a0d830ba5652f4c2e6e102d3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 96a5e2f77151494ab892877dd2be77072fb245e7f176151a8d4aee8bad55df93
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A5A19FB3F1122547F3540D39CC983617693DB95320F2F82788E68AB7D9D97E9E099384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 3a1d3b698a932fe74f9a99d311c2eceff5c0e7339e2e297ddb234ef3523a4cb2
                                                                                                                                                                                                                            • Instruction ID: 1d7d8c183be9db683869cf9b0605b3d2992b0fabf67c8d97e7e1eb45708c470b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a1d3b698a932fe74f9a99d311c2eceff5c0e7339e2e297ddb234ef3523a4cb2
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A6A18CB3F116250BF3944928CCA43A13293DB95314F2F817C8E89AB7D5E97E6D4A9384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 28f54195439fc2936548f959340a7933b865d0c39101f9c4d2483d14269843ec
                                                                                                                                                                                                                            • Instruction ID: d18207dc6bc52e77c2c36f19f3bbe01d2365b1841dff0be176ce63af563f9bd6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 28f54195439fc2936548f959340a7933b865d0c39101f9c4d2483d14269843ec
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 30A16EF7F5122647F3484878CD693A26683D7A5320F2F42388F19AB7C5D97E9E065388
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: ade843a2ad9187fb88ab9bb73a7c38f498b0d70fda1001da450a153f3e4abe44
                                                                                                                                                                                                                            • Instruction ID: 467a3ceefb17b142f7d86d541590af37b49b28510177a0e025e32f062036356d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ade843a2ad9187fb88ab9bb73a7c38f498b0d70fda1001da450a153f3e4abe44
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F9A15CF3F5022547F3984939CD983626582DBA0320F2F827C8E9DAB7C5D97E9D0A5384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 5e8d158925ebe09158a826f642cddb63fa953517b56479b5db56ff4181dfaac4
                                                                                                                                                                                                                            • Instruction ID: cbec56b6a255236182ac4f451b868cb99787ba2bcd2216828ff49ac8fdf59023
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e8d158925ebe09158a826f642cddb63fa953517b56479b5db56ff4181dfaac4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7EA15EF3F2162547F3844864CDA83A26683D795324F2F82388F59AB7C5DD7E9E095384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: e789c9c91f10e32bea6e06b806ffb946a25fe9c6fb3a5107e6da608f9ef87bda
                                                                                                                                                                                                                            • Instruction ID: 6586ba7ccf8b847fffcbf5d060d632ee507174d07cf85038107f322d1aa3dcf2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e789c9c91f10e32bea6e06b806ffb946a25fe9c6fb3a5107e6da608f9ef87bda
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F091E3B3F106200BF3544938DC983A27692DB95324F2F8278CE48AB7C6D97E5D0A93C4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: d51ed12efd1ca288c9f3b41cbb7245dd6c6375a43abeadbbc22fcaae2086f22a
                                                                                                                                                                                                                            • Instruction ID: 82c65bead4bb70a3136b3a8e46903cdda0b8d41c8ca4171a4d7db9b133960b12
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d51ed12efd1ca288c9f3b41cbb7245dd6c6375a43abeadbbc22fcaae2086f22a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6FA1BFB3F1022447F3584D38CDA83A13692DB95324F2F827C8E49AB7D5D97E9E099384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 92b952eb1d4073f5c4eb626cf9fed43b42904cdd11444f0b4a34d672a5db7fc4
                                                                                                                                                                                                                            • Instruction ID: f124e8eb909f4953d92431cc12f43acd1e2d6777be921c1d600f384f1ec96fd3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 92b952eb1d4073f5c4eb626cf9fed43b42904cdd11444f0b4a34d672a5db7fc4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 45919EF3F5162507F3840969CC983A27693DBD5314F2F82388E589B7C6D9BE9E0A5384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 570435c0f03e8d755b5e0c0e6fba01522d6205bfb190953222167a7974986182
                                                                                                                                                                                                                            • Instruction ID: 3fc2edbbfc8b0363507302cb733f8f5a41791c688c0745108009fd845dd62623
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 570435c0f03e8d755b5e0c0e6fba01522d6205bfb190953222167a7974986182
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F916BB7F1122547F3844D29CC983617693E7E5324F2F82388E886B7C5D97E5E0A5788
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: b674dad7e9f5d09c0f0f3a662979cdbcbba285a283207cc9a7559a86ecdff140
                                                                                                                                                                                                                            • Instruction ID: cb1c1a911f1a93da9e2adc380d563ea425be4cb6cede9dadc7f926434261dd5e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b674dad7e9f5d09c0f0f3a662979cdbcbba285a283207cc9a7559a86ecdff140
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44918EF3F002214BF3584978CDA83626692D795320F2F82788E59ABBD5D97E5E0993C4
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: e632a2b4f61bc54ed859814f4f24f3d6e5c8166c87a5db88ba039d83b268aaed
                                                                                                                                                                                                                            • Instruction ID: 4b3221796359b385b6e2012790c7dbe68361c154f9b371a08721fb6b3727074e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e632a2b4f61bc54ed859814f4f24f3d6e5c8166c87a5db88ba039d83b268aaed
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 44917DB3F102254BF3544D79CDA936272939BD5310F2F81788E4CAB7C9D97E9E0A9284
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 29f475db50ee3bb60005d438c3ba519992acc8034009692621f14b83a4e792d0
                                                                                                                                                                                                                            • Instruction ID: 3ba29d3c57127a70115b13c4eda8a32d6ea9933e0e5fb3e1b532e18b0b71e063
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 29f475db50ee3bb60005d438c3ba519992acc8034009692621f14b83a4e792d0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C91ADB7F1062447F3984928CCA83666582EBA5320F2F823C8F5A6B7C6D97E5D0953C4
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 01a95bb66c56a4d4f3c7916dcdcb3011ba03028d1f888f8be6fdc4d75de35a02
                                                                                                                                                                                                                            • Instruction ID: 1e99b3370b608462beb3a0e1e8ba85c74c44aefa7d1ca5020314073d3a89fd31
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 01a95bb66c56a4d4f3c7916dcdcb3011ba03028d1f888f8be6fdc4d75de35a02
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 40916DF3F1122547F3944879CC983A26283EBD5321F2F81788A48AB7C6DD7E9D4A5384
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 2df118607c238c6e358f3ae18331d1f680661c09aed4e7d6a23dd049c038ba90
                                                                                                                                                                                                                            • Instruction ID: f19d4f05a88bc7876b614b37f58ce9e663548eac372629dda16762d4bc2fdf04
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2df118607c238c6e358f3ae18331d1f680661c09aed4e7d6a23dd049c038ba90
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2191AEB3F5022447F7584D68CCA83A1B292DB95310F2F827D8E4A6B7C5DD7E6D099384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            • Instruction ID: bed08c98fc1d04473c44ddfdcf93e84161322bd9d5212c340ea63dade86e99e0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ddbaf6dcb91e22826f17592bee56a0d67df90449b9f889786a6a1fed0e793489
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D9179B3F5122547F3580878DDA83A2658397E5324F2F82398F5DAB7C6DC7E4D0A5284
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 43573baceada0a1d7a61d72c255d2b851ad994af070e84a0db58bbaa6575b805
                                                                                                                                                                                                                            • Instruction ID: a7ff4715cbcde4fb1b33daeb2b47bebc5763a1ba0a71f87fb92b69aa376d10fd
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 43573baceada0a1d7a61d72c255d2b851ad994af070e84a0db58bbaa6575b805
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D91AEB3F112254BF3840D69CC943A27293DB95324F2F42798E48AB3C5DD7E9E0A9384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 7f817886cb058e79ed67c6681863db85e5c82a04661d7d94668a1fd99e99ab5e
                                                                                                                                                                                                                            • Instruction ID: 4757b77ae2b544c96f513ab0482ce3a3f205553e4bfaa9f126d38c4526c8b2ef
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7f817886cb058e79ed67c6681863db85e5c82a04661d7d94668a1fd99e99ab5e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 80916BF7F1162547F3884929CCA83A23253DB95314F2F817C8A499B7C6DD7E9E0A9384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 25a53145424cfd32b0476c87e7a63e037391948246744d82d7761565a98410bd
                                                                                                                                                                                                                            • Instruction ID: 2cdf84353cf458c95942de2a1e977d190c64fc0200a01d66a962ae57483bacb4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25a53145424cfd32b0476c87e7a63e037391948246744d82d7761565a98410bd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4F817AF3F2162447F3884838CDA83A62583D7D5324F2F82788A596B7D5DC7E9E0A5384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 65120e6f18b8b046f3d14cf6a234cfa4d59f375838b23a787828090df9ad7226
                                                                                                                                                                                                                            • Instruction ID: 16e01c59a87583dcb43ecc51cfd3263cb39802f00644bdd77caeb287ef6a268e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 65120e6f18b8b046f3d14cf6a234cfa4d59f375838b23a787828090df9ad7226
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FD91B3B3F1022547F3540D68CCA83A27293DBD5310F2F82798E49AB7C5E97E5E499784
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: e64f4b28b22cf87e39f2ecefb3f57a77f81ac8ef71bfe768014dc75b2b0337eb
                                                                                                                                                                                                                            • Instruction ID: ec9ad8951a51c328f41c1aee1bcc8928f3b192c3f8a4191fa6ea08c3fb2a439c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e64f4b28b22cf87e39f2ecefb3f57a77f81ac8ef71bfe768014dc75b2b0337eb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD917DB3F106214BF3844D69CCA83527692DB95314F2F81788E886B7C9EABE5D4A4384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 1922db428461c56db23f652155fb9d0b5bc46ceec5992cdd677d2cb44430d0ef
                                                                                                                                                                                                                            • Instruction ID: 5c2cd9f192bf3389bef256414d8ad23ce435583b15f6f8c31d368f4b9f422d16
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1922db428461c56db23f652155fb9d0b5bc46ceec5992cdd677d2cb44430d0ef
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8F817AB3E1152547F3944928CCA43A2B293EBD5324F2F82798E886B7C5DD7E5D0A93C4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                                                                                                            • Opcode ID: ef9cc73945f4a47c687566312ccfdff7f1fa2e8565c8398be16fe8c24111cf8b
                                                                                                                                                                                                                            • Instruction ID: 87c0b3385071f662d09f6c838addf5c4685325cfbaf3b2c6ef1c8407214f0e58
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ef9cc73945f4a47c687566312ccfdff7f1fa2e8565c8398be16fe8c24111cf8b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 806135356083019BD7159F18C890ABFB7A2FBC5722F19C52CED858B291EB78DC6587C2
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 1fb0ba6ca49340d0b62dba8fe66ab0a5474170c3918819b5ef6dbc2f4b6e0230
                                                                                                                                                                                                                            • Instruction ID: b0ec7c84dd97396afd5c558ee07cedb19606da1ead806caef2aa864b1607502c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1fb0ba6ca49340d0b62dba8fe66ab0a5474170c3918819b5ef6dbc2f4b6e0230
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7391B1B3F106254BF3844D38CC943627692EB95314F2F81788F09AB7D5D97EAD0A9384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 84f79e0836d6387c21658bca81fb4036be30d8b0a0b897ccca7b24b13f79d10f
                                                                                                                                                                                                                            • Instruction ID: ac5e64b328b97c4e7fa0a20acd0602cc6049c67b6e0db57fae58143c08057c07
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 84f79e0836d6387c21658bca81fb4036be30d8b0a0b897ccca7b24b13f79d10f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EA819CB3F102254BF3944D38CD983667692DB99320F2F82388F59A77C5D97E9E099384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 574b975d2ee4c0182aadc84c155971b650eefd458fd9c6a620e695ab2a45d1f3
                                                                                                                                                                                                                            • Instruction ID: 9844effe8cc0e8d167e9a695051ab275891bada67af74ffa93a4833cf7176c16
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 574b975d2ee4c0182aadc84c155971b650eefd458fd9c6a620e695ab2a45d1f3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B0916FB3F112254BF3844E28CCA43A67352EB95310F6F817C8E496B7C5DA7EAD099384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: c1b40ebd1a4ec7fc2019e052db0660198a5973d5e56e9e58af5dfdce3bf3f32d
                                                                                                                                                                                                                            • Instruction ID: cfe845579d0c72d7fc03c62e3b4c21e9caaf38c6b4854089188e0863f6af053e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c1b40ebd1a4ec7fc2019e052db0660198a5973d5e56e9e58af5dfdce3bf3f32d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9B81ABB3F116254BF3504969CC983627293DB95320F2F82788E1C6BBD5E97E5E0A93C4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 2bc6d39d8235f4226d98b32e15e4cad9bf2bdaf419aa76b924a2001ff08c78bb
                                                                                                                                                                                                                            • Instruction ID: 20646bc99b4ff8671497fe5ab1b7e6e8854640b22681ba196b31c30ffe8e6498
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2bc6d39d8235f4226d98b32e15e4cad9bf2bdaf419aa76b924a2001ff08c78bb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 988136F3F1122547F3584828CCA83A66583DBD1324F2F82388F59AB7D5D97E9D0A5388
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
Memory Dump Source
• Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
• Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • Opcode ID: c8421114aff685624e2a402db733e59be90329c3bddc652039dfd837476e3b45
                                                                                                                                                                                                                            • Instruction ID: 5146ec6d545515f05f95f5e8a9a83e84422293a830102d68095143b810aa5ae1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c8421114aff685624e2a402db733e59be90329c3bddc652039dfd837476e3b45
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD8159B3F512254BF3444928CD983927653ABD5320F2F82788E5C6B7C5DA7E9E0A93C4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
• Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • Opcode ID: ba83626c81e33ef2584d69cef4851bc369be64d07b691808970e3cdaccbe72f5
                                                                                                                                                                                                                            • Instruction ID: 1cd274b2c47730ba7d7106443e9553cef05814ca1e54dfc1769678972da7724b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ba83626c81e33ef2584d69cef4851bc369be64d07b691808970e3cdaccbe72f5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DD8192B7F1122547F3804A68CC943917293DBA5324F3F42788E5C6B7C5EA7E6E199384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • Opcode ID: 07424d772b0a34de6e8415725564838514f8d22130ddeaaa68fab6959154e0f9
                                                                                                                                                                                                                            • Instruction ID: 002d945d093ccc827ddfe9d36c6e8d23668e7d8acf2b0a6a9a4894caed6e26cc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 07424d772b0a34de6e8415725564838514f8d22130ddeaaa68fab6959154e0f9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C781ACB7F1162547F3544979CCA83626283DBD4324F2F82388E586B7C6E9BE5D0A92C4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • Opcode ID: da68fd9702081e918c95bb5aa85c9099c0a5af9c5f978a32e1291670aaca955f
                                                                                                                                                                                                                            • Instruction ID: a826d4cbbd84dee3e118a20bd7586bcd8024fe9dc7f421e662ad3e57e39dd0df
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da68fd9702081e918c95bb5aa85c9099c0a5af9c5f978a32e1291670aaca955f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D81BDF7F5022147F3844969DDA83627293EB95314F2F81388E48AB7C5ED7E9D0A9384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • Opcode ID: d55bdb63e013b672b6edde686b23a79cc7949c74ee621329ab01309aa89e4132
                                                                                                                                                                                                                            • Instruction ID: 1aa8b92dbb296eb27dbea75e21fbddc3d2f2ea941ec5940be9d5f35dc6117e0b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d55bdb63e013b672b6edde686b23a79cc7949c74ee621329ab01309aa89e4132
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E818CB3E012264BF3940D28CD98361B653DB95320F3F82388E592B7C5DE7E6E099384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: efe8d567a07f7b37dd9ef620ce3060ebaecce937d4234a1495a592c8d4b627d6
                                                                                                                                                                                                                            • Instruction ID: e4dbceb4214a3d10a8b6bf53aa33a9f0a0429360ebc75712e3ac8f2ab02d9006
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: efe8d567a07f7b37dd9ef620ce3060ebaecce937d4234a1495a592c8d4b627d6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66818DB7F5062447F3988938CD683622693DBD5320F2F827C8A596B7C5ED3E5D095384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 8e232598286b96d116d7e66511ab2ef7212933c54d6039481ba18f4f7c53c5f6
                                                                                                                                                                                                                            • Instruction ID: 623d6203ddca3ff944b75d6e05782302f5f2949a583bccb127d2f4780b20c197
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e232598286b96d116d7e66511ab2ef7212933c54d6039481ba18f4f7c53c5f6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 33817CB7F112254BF3944D68CCA83626693DBD5310F2F82388F492B7C5D97E6E0A9784
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 975e6435a8c6c59906a74a9431a81532a019e68fd0a30e75def29b025946cc2c
                                                                                                                                                                                                                            • Instruction ID: 436d92c4adebf4579f473b26d9b232ffb8d7f68451664b9c577a3d703846b5fa
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 975e6435a8c6c59906a74a9431a81532a019e68fd0a30e75def29b025946cc2c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28819AB3F516254BF3544929CC983A176939BD6320F3F82788E5C6B3C5E97E5E0A8384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 4d5e7b785ddb27848042b7b8f7d5cc32e820acfa3daa212bb697a3f61a8917ac
                                                                                                                                                                                                                            • Instruction ID: 4c7ddea87ea3017a091529ce7389653079c9d3f914ecb6659b83e9dd83e979a4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d5e7b785ddb27848042b7b8f7d5cc32e820acfa3daa212bb697a3f61a8917ac
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 64818DB3F106244BF3584D38CCA83A17692DB95314F2F827C8E896B7D9E97E5D099384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 515a0b904da8d2440a7ba3482f68754ee85785f0b1cae385234a4b9c178ccdb0
                                                                                                                                                                                                                            • Instruction ID: d3a67e79bb3fa0f62d52e9f9fb93a9c4d621aca4f9724bc1d43a1bcc9d0f4562
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 515a0b904da8d2440a7ba3482f68754ee85785f0b1cae385234a4b9c178ccdb0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE81B1B3F102254BF7544E78CC983A17293EB99310F2F42388E495B7C5D97E6E499384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: ca241dffe0b1852ffe025ac5446e548d64e43b9a80829914e77ec1a1fc6b124e
                                                                                                                                                                                                                            • Instruction ID: 74b0955d2bc29bf9d1d9f92ad8bb04b792204dc802af86c6fdcc6f8ae999a5aa
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca241dffe0b1852ffe025ac5446e548d64e43b9a80829914e77ec1a1fc6b124e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 217180B3F112254BF3544E28CC943617692DB95320F2F4278CE8CAB7D5DA7EAE099784
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
• Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 282c3098663bb69f6aa6b2ddc60a2b1c9f9361ae8611d73605784a0816c2c308
                                                                                                                                                                                                                            • Instruction ID: b21a118ac96592104886c41cb73ad37f5e36dc4f9a0fc4dffb0a8e88cd0e9e30
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 282c3098663bb69f6aa6b2ddc60a2b1c9f9361ae8611d73605784a0816c2c308
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D716BB3F5122547F3940D29CD983A26683DBE5320F2F41388E4C9B7C5D9BE9E0A6384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 89cdfe16715fc876b754fd486536eebfdc55c64716fc072839f5aa7c6f556c7e
                                                                                                                                                                                                                            • Instruction ID: 1afc0b2e5bbd53d6b19b15c75d189441cce0c7b4e233cd6da845d8b69148d829
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89cdfe16715fc876b754fd486536eebfdc55c64716fc072839f5aa7c6f556c7e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 95718EB3F512114BF3544DB8CD983927692DB85320F2F42788E989B3C5DDBE9D4A9384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: eff6e1ae6589aa74a8781381818ffe0ffface139111358fa932368047965c418
                                                                                                                                                                                                                            • Instruction ID: 6f8ce728921bab1a0a8dd61a59d2fc7f5ea8d25629c6af86033bc7c5063621b1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eff6e1ae6589aa74a8781381818ffe0ffface139111358fa932368047965c418
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C3718FB7F1122547F3840E28CC983617653EBD5324F2F82788A585B7D4DE3E6E0A9788
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: ae528670b9b6819eb5d5de9a7ffa3bb779525c9d1b132d617cb938e8300a6e9b
                                                                                                                                                                                                                            • Instruction ID: 66ebdb312f4d69cc5551497f9b1d8b1381721568736ced9bccb691df9ad04e83
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae528670b9b6819eb5d5de9a7ffa3bb779525c9d1b132d617cb938e8300a6e9b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 83717BB7F211254BF3444D38CD983A636939BA1364F2F42788E486B7C5D97E6E0A9384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 1df91cb93a46ccfa271e7231ba3c687efdceef099f1a5f568b05116aeb0342e9
                                                                                                                                                                                                                            • Instruction ID: 18842f0bc6359202a8ce31b7284814433034ae9ec9a6b470be04d95a048caf2c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1df91cb93a46ccfa271e7231ba3c687efdceef099f1a5f568b05116aeb0342e9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 43718EB3F112254BF3844D64CCA43667693EBD5320F2F80788E496B7C5DA7E6E0A9784
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: c864f67b478152edcda73422624f61b55cd141790b8dd360be9ad0fb44e22fdd
                                                                                                                                                                                                                            • Instruction ID: 68e6b01db801b098e0e06ca1bde3baaa41e51607ddb2c51376c0b3b53af93781
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c864f67b478152edcda73422624f61b55cd141790b8dd360be9ad0fb44e22fdd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F71F6B3F1122547F3544929CC9436272939BD5324F2F82788E486B7C5DA7E6E0A9688
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: b34fc3ab66a09de864fc98eb46fb43ae504d9743fb67be56fdc98b1884adcf23
                                                                                                                                                                                                                            • Instruction ID: d7845535f173f7a20d131788e9ab6171e67204d9691323fefd33134b2c63ece9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b34fc3ab66a09de864fc98eb46fb43ae504d9743fb67be56fdc98b1884adcf23
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D718073F1022547F3544978CCA83A67692DB85324F2F4178CE496B7C5DA7E5E0993C0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 3b7d8fa97875cd28706bc4c189cf58d8126ef8052c0607b8d511e9fb9041e02a
                                                                                                                                                                                                                            • Instruction ID: 68a9a9fac4d807b4d8c32eb60a8e370646c234e3c6318b54c4d53df10c481a72
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b7d8fa97875cd28706bc4c189cf58d8126ef8052c0607b8d511e9fb9041e02a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A5714AF3F1122547F3404D29DDA83526A93D7D1324F2F81788A58AB7C9DABE9D4A4384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: c3bc62f49862f57e74cc13a30639aadd7a40b5c84a30bdeeaffb6ab67d690c99
                                                                                                                                                                                                                            • Instruction ID: 13e7debef19529b5f4091a015bd7df5b9625e73dd797f040b6dec294b55963a0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c3bc62f49862f57e74cc13a30639aadd7a40b5c84a30bdeeaffb6ab67d690c99
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C618BB3F111254BF3544D29CC643627693DBA5320F2F82B88E48AB3D5DA7EAD099384
Memory Dump Source
• Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
• Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            • Instruction ID: 0e6ce2a09acc22a7a043cdf02e148932d732d64a875a791acdf7dc8d497b5f77
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e71ec6755c1a57f5529f8f0bf65225a172621326648c69d1831332b1d19ff303
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F61ADB3F116254BF3444D28DC983627293EB95320F3B827C8A596B3D5DD7E6D0A9384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 08dd7505c8e1566927bd7eddea6e3a89d11e472035618e1646682b9e17afa4a2
                                                                                                                                                                                                                            • Instruction ID: 13432e828fd241a7dceee88b813b6b2a621e6fa17dc7f57af3420f3c2f0ea1f6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 08dd7505c8e1566927bd7eddea6e3a89d11e472035618e1646682b9e17afa4a2
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C619D73F106104BF7884E78CCA83A27692EBD5310F2E827C8A459B7D9DE7E5D099780
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: a32dbf66e75fbfce6360a7fd567318348821e047ba276ac38cc47321addaf5a2
                                                                                                                                                                                                                            • Instruction ID: 1f7deb535a48cd340b0cca5c9772d5313dd2373b43fc85680fabaff9d00cfa7b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a32dbf66e75fbfce6360a7fd567318348821e047ba276ac38cc47321addaf5a2
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1461B1B3E102254BF3544E28CC943A17352DB95324F2F427C8E4D6B7D1EA3EAE199784
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 76622409405c7e40eba79920825d589347d851eb7e531ec562a8e7235ae0bdfb
                                                                                                                                                                                                                            • Instruction ID: cce9cd7b984b14abbce9e7cef5b6ab0621c7cda80b6f1534b138c2be35f30fd3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 76622409405c7e40eba79920825d589347d851eb7e531ec562a8e7235ae0bdfb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 88618BB3F101254BF3484978CCA83A27693E795314F2F42788E19AB7D5D97E5E0A93C4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 0c29bb7ae981b0b2bc585b1a2eee786395592f2af50773846e8aef553f7cfa7c
                                                                                                                                                                                                                            • Instruction ID: 63fba833607a66767f757aa22929577641405ed20d3149efa6fbfe616ce32781
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0c29bb7ae981b0b2bc585b1a2eee786395592f2af50773846e8aef553f7cfa7c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 69619EB7F116244BF3544E28DC943A17292EB96310F2F82798F58AB3C5DA7E6D0993C4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 109770c60ada25cf19e2f8c36497622a9e57f27e4daac96792fc2dfefd7e0259
                                                                                                                                                                                                                            • Instruction ID: a3f3ca197bbe784fafbfb30aa6a8fc40a24880005d25ab98993d6d758b46b066
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 109770c60ada25cf19e2f8c36497622a9e57f27e4daac96792fc2dfefd7e0259
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 89616CB3F1122547F3444929CCA43A27693ABD5320F2F82788A885B7C9D97E5D4A9384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: b5c3c141a53a44ba43c0242a73aa75766e2092679a46ee717a0474ee428cada6
                                                                                                                                                                                                                            • Instruction ID: 082382227f3573c0e20ad132f9e536759132a54fdd3d424788ee2ba58784ce65
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b5c3c141a53a44ba43c0242a73aa75766e2092679a46ee717a0474ee428cada6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 87618FB3F102154BF3444E28CCA83A17693EBD5320F2E417D8E495B3D4DA7E6E0A9384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 053769315f1e9e2c7be437d502cbbd8b1fd9f8fc3be2e261eff53b49b324e668
                                                                                                                                                                                                                            • Instruction ID: 076ead0485ab551553ba377eb663efa1ce4a7797b56b2b1ac7f913592d2c0316
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 053769315f1e9e2c7be437d502cbbd8b1fd9f8fc3be2e261eff53b49b324e668
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6B51E3F360C6009BE304AF2AEC857AAFBE6EFD4721F16483DE6C483644DA3554458793
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 00c637d25c6c0594e6eca7b8e206f3f88ad0f0810fa198393624bad8a1c94fa8
                                                                                                                                                                                                                            • Instruction ID: ff257e37501ea20b8f7192519242bc0a58244ab643a8e356b9b91e41bbaf10ab
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 00c637d25c6c0594e6eca7b8e206f3f88ad0f0810fa198393624bad8a1c94fa8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 71516DB3F112244BF3544968CC943627293DBD5320F2F82788E98ABBD9D97E9D0A53C4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: a624803cd0843cd441bb91666ab82ea7bc1b1db678f2d6c7e4b95e897535a5f4
                                                                                                                                                                                                                            • Instruction ID: 85f696e9f3686b08817e6545a016b29cca9b5cdfbdab796f131d834e4f204f06
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a624803cd0843cd441bb91666ab82ea7bc1b1db678f2d6c7e4b95e897535a5f4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD515CB7F102164BF3540D28DD983A27693DB91314F2F41388B485B7C5DABF9D0A9384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: b9ac14de9ed27b513ff4a4c5a2b69be94fb57608b28e3069a97001c6b4c7cba8
                                                                                                                                                                                                                            • Instruction ID: b2015dc46b73325da362f67cbc7837a6469509b5de097523b11a62dad5d7a727
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b9ac14de9ed27b513ff4a4c5a2b69be94fb57608b28e3069a97001c6b4c7cba8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A515AB7F1122447F3944838CD98362A653A7D5324F2F82798E4C6B7CADD7E5E0A9384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: f3a9ba80543adb2046779600f043c7232c60b8c1acad612b081005fdc06f227c
                                                                                                                                                                                                                            • Instruction ID: f52cc677ff99c8c87912bdfb3dd5a20104212f935676518f36332aeec1626800
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f3a9ba80543adb2046779600f043c7232c60b8c1acad612b081005fdc06f227c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E51C773F112248BF7444E68CC583657392EB95314F2F417C8E596B3D1DA3E6E099784
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: d91646ff4e4faf0ea72e52535ebc6a9a4ae22b2b32ed32c3cb8179f77d5c08ab
                                                                                                                                                                                                                            • Instruction ID: 966b3325bcb586930d4f2a8fad2164696fd92e30c5c9652bef530fd1e4803638
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d91646ff4e4faf0ea72e52535ebc6a9a4ae22b2b32ed32c3cb8179f77d5c08ab
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6351BBB3F216254BF3480864CC683A57283EBE5324F2F427C8E5DAB7C1D97E6E094284
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 14d8b1544aa92b1f831af8d374bdfc0cab60cfd053a20311db159d6d067041d1
                                                                                                                                                                                                                            • Instruction ID: 5846df6c52ff629156b3241e1ccb7ccf806ded20e0abd6cff561e4d133f77644
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 14d8b1544aa92b1f831af8d374bdfc0cab60cfd053a20311db159d6d067041d1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 12419DF3B092006BF304592EAC8977BB7DAEBE4630F2E853EEA45D7784E8355C054261
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 78d74591c2528d43c672233bd35aeef297b57525f75e6d4c58939f3b697178d4
                                                                                                                                                                                                                            • Instruction ID: d475111880e7596892c66530fbd8df544604e0b8de307c19fe8ab8e4e61246dc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 78d74591c2528d43c672233bd35aeef297b57525f75e6d4c58939f3b697178d4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FE51B1B3F1022447F3544E29CCA43A17693EB95310F2F827C8E89AB7C5E97E6D099384
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E34169B3F1012547F3584D39CC683A67583DB94314F2F823C8A89AB7C8D97E9E0A6384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 327093d72999a4d4267e8657b3a0945de528af69ed6e253bf8927e527bcf0fbb
                                                                                                                                                                                                                            • Instruction ID: 0b18cb34bd8c548c5cceea13f1db17bd2e85266dbdcac5adfa8b28028fa1fc63
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 327093d72999a4d4267e8657b3a0945de528af69ed6e253bf8927e527bcf0fbb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E4180B3E012258BF3644E28CC943A1B792DB85314F3F82788D582B7D1DA3E6D18A3C4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 354eed2d963295e4bcfadd0ce349dc304ad9d36aa9d7efc5ce3115aef9cc4f1d
                                                                                                                                                                                                                            • Instruction ID: 5e2ce7c4affdd56bcfe7358900fad0d90a6ee31c633a0654afcdb1c16f85bd10
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 354eed2d963295e4bcfadd0ce349dc304ad9d36aa9d7efc5ce3115aef9cc4f1d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 99417AB3F1112547F3544929CCA43A2A6939BA5720F2F82788E5C6B7D5ED7E9C0993C0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 9b2f3078e10aeb775386a80ca47a8073197c0871c485ea1c91e28ec9ab57d3a9
                                                                                                                                                                                                                            • Instruction ID: 08bb1736ca71f94ddd1f8113693ccbc9b1908f0cee96f639cfad66e44b03298c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9b2f3078e10aeb775386a80ca47a8073197c0871c485ea1c91e28ec9ab57d3a9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16417AB3F112244BF3944964CCA53627292EBD5310F2F81798F4D6B7C5D93E6E0A9388
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: ef359686a7c66a4da2427a31d47d4267e5855182ffeb62b8e353338efaa4a60c
                                                                                                                                                                                                                            • Instruction ID: 7a01755649d7a153d748d66e1d696207b4566b35d0d496f60459566eb6fb5b7c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ef359686a7c66a4da2427a31d47d4267e5855182ffeb62b8e353338efaa4a60c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46319AF7F514214BF3548928CC943A17283ABD1314F2F82788D886B7D5ED7E5D0AA384
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: eef0096b1c428021bb5146640f278cba55bcd7f2a31bc0a584974fd58569a68c
                                                                                                                                                                                                                            • Instruction ID: 59c60292d0b4a7affe4589bf6ef871f4ea9588adabbee0996659e1ec5b0d287d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eef0096b1c428021bb5146640f278cba55bcd7f2a31bc0a584974fd58569a68c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B3158F3F1212543F3984929DD943666287ABE5324F6F823C8B4DA73C4DD7E5D0A5284
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
                                                                                                                                                                                                                            • Instruction ID: ed6e77193b2cde293acc15d784bfecce5efe4055d953a3c3bcb152c2c6e3edef
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 257f930fff8ac5571b740c804d3fe8f9527e358f99b749092fc537f7b3a7f2a5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 89312772A486044BC7199D3D4C9026FBA939BC5330F2DC73EEAB68B3C5DB788C404242
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 1f09f7a16158a80a5d2a281cec0ae81a590d066af2a7c65253e6b0e94bb0974b
                                                                                                                                                                                                                            • Instruction ID: 60f721bee81fac142480f202ddfe2ccd925b7e17ba771f0b78e4fc556d04fa31
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f09f7a16158a80a5d2a281cec0ae81a590d066af2a7c65253e6b0e94bb0974b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 19311AF3F2062447F3944829DC993626183DBD5324F2F86398B5CABBC5D87D9D0A5288
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 4cbf586abaa83b6596e92893b3a71486d112fd470477d28c33837d91bd37f7ec
                                                                                                                                                                                                                            • Instruction ID: eb5c8e18fb5c426f8028e8dced87029d2fd772d608870ea5f79d1b253dd18e63
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4cbf586abaa83b6596e92893b3a71486d112fd470477d28c33837d91bd37f7ec
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22317EF7E5153547F3584864CD583A266929790314F2F82388E5CBBBC5E87E9D0A52C4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 22b275bd71b6c88a94b9562c29e6afe081aac2dcf86b8d1116cfd899da00cf6c
                                                                                                                                                                                                                            • Instruction ID: a24da885a39f72e80e4576c39836bad485b821d24c5251594f3d33b87d685673
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 22b275bd71b6c88a94b9562c29e6afe081aac2dcf86b8d1116cfd899da00cf6c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 983188F7F1112047F7980828DD5936265439BD5324F2F82398F9D6B7C6DC3E9D0A9284
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 4740dfb45a636bbf7f492abe263d1cb0ab065a33d09142cc1a293a031be2e65e
                                                                                                                                                                                                                            • Instruction ID: 90440fd6b1573918e86d3d7d7962ad5bd258fb483b8999068b64ab3463ec493a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4740dfb45a636bbf7f492abe263d1cb0ab065a33d09142cc1a293a031be2e65e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC317AB7E1063547F3A80878DDA936665829BA0320F2F82398F5E6BBC1DC7D4D095284
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: d40a23a60b61be936cc4bcf29ff379e8784999867f6d107bf9675d651fa3352b
                                                                                                                                                                                                                            • Instruction ID: adb8e05aa0354a903fec1287ba7336a4bbe2dd0d02e22ef22417b8ea10432e88
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d40a23a60b61be936cc4bcf29ff379e8784999867f6d107bf9675d651fa3352b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E831DBB3F1162547F3A84879CD99392658397D5320F2F82748E6CAB7C1DCBE9D095284
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 06f6f0e36264422a0d29c38a273ece0464b694e5846d2aa6cc1305e36ad74090
                                                                                                                                                                                                                            • Instruction ID: a85a907cab627aa585e24764a5862a5890f14e45385fef1a4d9a3cfc46b256fc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 06f6f0e36264422a0d29c38a273ece0464b694e5846d2aa6cc1305e36ad74090
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 79316AB3F5122447F3544879CC58392218397D9325F2FC2398AA86BBCADC7D4D0A9380
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: cb910367bca0c8b47c8e25a42640681a7a3d1eca81d9d794050514629d1cdbfb
                                                                                                                                                                                                                            • Instruction ID: 9d87f1022c8773acf91b982b7fc4689986b8a19aafa1ad81b6b259e30f81bcb1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cb910367bca0c8b47c8e25a42640681a7a3d1eca81d9d794050514629d1cdbfb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B7217C73E6113147F35448B8DC9839265829B95324F2F83788E5CFB7C1D8AE9C4553C4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131212316.0000000000765000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
• Associated: 00000000.00000002.2131063922.0000000000710000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131141126.0000000000755000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131198698.0000000000763000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000008EB000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000009D3000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.00000000009FF000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000A09000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131212316.0000000000A17000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131719411.0000000000A18000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131858879.0000000000BC0000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2131874429.0000000000BC1000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 4c80554a85cddea61dffc6cbc9b8133f50edc0502829a61ddf098e6a7a53501e
                                                                                                                                                                                                                            • Instruction ID: 428c0234a8b4a3e08513a9d26df4cbe5775b08dce85d158e89bfa38f5bbc38b3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c80554a85cddea61dffc6cbc9b8133f50edc0502829a61ddf098e6a7a53501e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0C216FF3F6163147F7584838CD993A2654297A4720F2F82398E9DE77C5DCBD8D0A5284
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: ce8ccd735abd50053ac839c552edebfe78ff357f3729ed9136294e0ebe8c55b9
                                                                                                                                                                                                                            • Instruction ID: 1e0feae5a7e95bb85bec5e83155c22ebf7e67c77665a5f797a46ebacac0cc649
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ce8ccd735abd50053ac839c552edebfe78ff357f3729ed9136294e0ebe8c55b9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E7213DF7F9022147F7984869EDA936261539BD4318F2F813DCB495B7C5ECBD4C0A8284
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: b59c9204f263c6840e0f545e34f103ebdf74f38dfa76908f358a841d2f6b89de
                                                                                                                                                                                                                            • Instruction ID: f489d4726f802979bb8ecdaea8a8ba186f590a75075b86abcfe5f4ad818b6ff0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b59c9204f263c6840e0f545e34f103ebdf74f38dfa76908f358a841d2f6b89de
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 862130B3F102214BF7548879CD983666583D7D5314F2BC2798E5C9B7C9ECBE8D4A5280
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 8db2ef2c7c697136a344862f71c75993482fff0ee59090a1f17ae2805730adbc
                                                                                                                                                                                                                            • Instruction ID: 051db344ccf4e9b65955be53295c7afb7dc0f14ebf4cc4da798e67195c33fd1f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8db2ef2c7c697136a344862f71c75993482fff0ee59090a1f17ae2805730adbc
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F210CB3F113254BF3944879C99839265939BD0324F2F82788F9C6B7C5DD7E5D095284
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: dce62146d114ce09eab0ce77530cc4a4a7cc79dc15a3cd571138c67523842882
                                                                                                                                                                                                                            • Instruction ID: 1b7ffc136de0cf81692cef25ec047e507480b733373465d95d9db8b732e142b9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dce62146d114ce09eab0ce77530cc4a4a7cc79dc15a3cd571138c67523842882
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D218FB3E0023547F3A84A68CC943A1B2529B95324F2F417C8E5D6B3D1DA3E6D09A3C4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                            • Instruction ID: f33839aa394b9f01c2482f9f8359a38e750c93e3aee106d32c2c69113e6c241e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F611E933B051D40ED3168D3C8440565BFE31AD3734B194399F4B89B2D6D7268D8E9356
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                                                                            • Instruction ID: d0340032d95105c3e090a27ff5abefda00d818758d4ba3b2837ede73a302f2c3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E9F03C60104BA18AD7328F398524377BFE09B23328F545A8CC5E35BAD2D37AE10A8795
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                                                                            • Instruction ID: 0114a852e89a22b82c843f0be1c0bb5426c26cdfebe5b64bde41e86c977a6b42
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6FF065104087E28AEB234B3E44607B3AFE09B63120F281BD5C8E19B2C7C3199897C366
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: fc39ee801fd356a7d05fb4e0d86047b54c1e95a207557f77520360140b75fa89
                                                                                                                                                                                                                            • Instruction ID: 414cb97b3eb38ca5a82f015aa2b9b0809b13c68d22937db0bbe478606c74599a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fc39ee801fd356a7d05fb4e0d86047b54c1e95a207557f77520360140b75fa89
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4501F9716442829BD354CF38CCA05A7FBA1FB86364F08C75CD45587796C638D842C799
                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 007391DA
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.2131141126.0000000000711000.00000040.00000001.01000000.00000003.sdmp, Offset: 00710000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_710000_GHXsFkoroU.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                            • String ID: +Ku$wpq
                                                                                                                                                                                                                            • API String ID: 237503144-1953850642
                                                                                                                                                                                                                            • Opcode ID: ff2e48da58ebe298a212a067e50a7657e864d61cfb68adfcbc960f1c96b80ede
                                                                                                                                                                                                                            • Instruction ID: 24402c36a627a2df7a6a6a2f8f0f625c34c218aee1fa3eca7a27128b62761fe8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ff2e48da58ebe298a212a067e50a7657e864d61cfb68adfcbc960f1c96b80ede
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3551BB7220C3568FC324CF29984076FB6E6EBC5310F55892DE5AACB285DB74D50ACB92