Windows Analysis Report
4hQFnbWlj8.exe

Overview

General Information

Sample name:4hQFnbWlj8.exe
renamed because original name is a hash value
Original sample name:d0379319a04dc9cfb050269fb99c68d574d11e3b10da6a10b8a984eb6b1324d4.exe
Analysis ID:1587653
MD5:4ce2ce1838b14b0dda1477b7d5c57e9e
SHA1:2a325cbebf2b6e5dc0a86a515673f78a215b8877
SHA256:d0379319a04dc9cfb050269fb99c68d574d11e3b10da6a10b8a984eb6b1324d4
Tags:exe, user-adrian__luca

Detection

Vidar
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Vidar stealer
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 4hQFnbWlj8.exe (PID: 2368 cmdline: "C:\Users\user\Desktop\4hQFnbWlj8.exe" MD5: 4CE2CE1838B14B0DDA1477B7D5C57E9E)
    • conhost.exe (PID: 5352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • 4hQFnbWlj8.exe (PID: 1620 cmdline: "C:\Users\user\Desktop\4hQFnbWlj8.exe" MD5: 4CE2CE1838B14B0DDA1477B7D5C57E9E)
  • cleanup
{"C2 url": "http://www.microsoft.com0", "Botnet": "1402"}
Source | Rule | Description | Author | Strings
Process Memory Space: 4hQFnbWlj8.exe PID: 1620 | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
    No Sigma rule has matched
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2025-01-10T16:31:21.475869+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 56834 | 95.217.25.228 | 443 | TCP
    2025-01-10T16:31:55.966978+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49733 | 95.217.25.228 | 443 | TCP
    2025-01-10T16:32:30.216107+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 49743 | 95.217.25.228 | 443 | TCP
    2025-01-10T16:33:04.482234+0100 | 2028765 | 3 | Unknown Traffic | 192.168.2.4 | 56704 | 95.217.25.228 | 443 | TCP

    AV Detection

    Source: https://95.217.25.228/Ek Avira URL Cloud: Label: malware
    Source: https://95.217.25.228 Avira URL Cloud: Label: malware
    Source: https://95.217.25.228/kEf Avira URL Cloud: Label: malware
    Source: https://95.217.25.228/ Avira URL Cloud: Label: malware
    Source: https://95.217.25.228/R Avira URL Cloud: Label: malware
    Source: https://95.217.25.228/V Avira URL Cloud: Label: malware
    Source: https://95.217.25.228/z Avira URL Cloud: Label: malware
    Source: https://95.217.25.228/~ Avira URL Cloud: Label: malware
    Source: 00000002.00000003.2108265443.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp Malware Configuration Extractor: Vidar {"C2 url": "http://www.microsoft.com0", "Botnet": "1402"}
    Source: 4hQFnbWlj8.exe Virustotal: Detection: 76%
    Source: 4hQFnbWlj8.exe ReversingLabs: Detection: 71%
    Source: 4hQFnbWlj8.exe Joe Sandbox ML: detected
    Source: 4hQFnbWlj8.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49731 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49732 version: TLS 1.2
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Code function: 0_2_007C361F FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_007C361F

    Networking

    Source: Malware configuration extractor URLs: http://www.microsoft.com0
    Source: global traffic TCP traffic: 192.168.2.4:56558 -> 162.159.36.2:53
    Source: global traffic HTTP traffic detected: GET /gv4dlp HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
    Source: global traffic HTTP traffic detected: GET /profiles/76561199803837316 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
    Source: global traffic HTTP traffic detected: GET /gv4dlp HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache Cookie: stel_ssid=a0c4b95a829891f942_4047978853111478085
    Source: global traffic HTTP traffic detected: GET /profiles/76561199803837316 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache Cookie: sessionid=e89b77bf5af12dce371ece1e; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
    Source: Joe Sandbox View IP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox View IP Address: 149.154.167.99 149.154.167.99
    Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: Network traffic Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49733 -> 95.217.25.228:443
    Source: Network traffic Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49743 -> 95.217.25.228:443
    Source: Network traffic Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:56704 -> 95.217.25.228:443
    Source: Network traffic Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:56834 -> 95.217.25.228:443
    Source: unknown TCP traffic detected without corresponding DNS query: 95.217.25.228
    Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Code function: 2_2_00418B3F InternetReadFile,2_2_00418B3F
    Source: global traffic DNS traffic detected: DNS query: t.me
    Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=EZbG2DEumYDH&l=engli
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=l1VAyDrxeeyo&l=en
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.3426118271.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2472405375.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.3426118271.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2472405375.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623211559.00000000001C2000.00000004.00000010.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.3426118271.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2472405375.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.3426118271.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2472405375.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=M_FU
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.3426118271.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2472405375.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=3W_ge11SZngF&l=englis
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&a
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=XfYrwi9zUC4b&l=
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=engli
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=47omfdMZRDiz&l=engli
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=iGFW_JMULCcZ&
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l
    Source: 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reporte
    Source: 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reporte.518
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcD
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=VsdTzPa1YF_Y&amp
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&l=engl
    Source: 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&l=
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=sd6kCnGQW5Ji&
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=n4_f9JKDa7wP&
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.3426118271.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2472405375.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://store.steampowered.com/stats/
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2472405375.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2472405375.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.3623211559.00000000001C2000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://store.steampowerps
    Source: 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
    Source: 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/Q
    Source: 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/g
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/gv4dlp
    Source: 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000A37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/gv4dlpA
    Source: 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000A37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/gv4dlpO
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117303261.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/gv4dlpR
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117303261.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/gv4dlpZ
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/gv4dlpaiXgp
    Source: 4hQFnbWlj8.exe, 00000002.00000002.3623248691.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/gv4dlpg88paMozilla/5.0
    Source: 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/gv4dlpom
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telegram.org/img/t_logo_2x.png
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.orgPj
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2108156927.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2108156927.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2108156927.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknown. HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49731 version: TLS 1.2
    Source: unknown. HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49732 version: TLS 1.2
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0074EBB00_2_0074EBB0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0075DBB00_2_0075DBB0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00747BA00_2_00747BA0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00778BA00_2_00778BA0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0077FB900_2_0077FB90
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00798B900_2_00798B90
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00779C700_2_00779C70
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_007AFC700_2_007AFC70
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0074DC600_2_0074DC60
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0073EC400_2_0073EC40
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00754C400_2_00754C40
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_007B1C400_2_007B1C40
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0078AC200_2_0078AC20
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00783C100_2_00783C10
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_007B5C100_2_007B5C10
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00776C000_2_00776C00
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00799CD00_2_00799CD0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00793CD00_2_00793CD0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00766CC00_2_00766CC0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0077ECC00_2_0077ECC0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_007A7CC00_2_007A7CC0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0077CCA00_2_0077CCA0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_007A4CA00_2_007A4CA0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_007BBC920_2_007BBC92
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0075CD700_2_0075CD70
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0076BD600_2_0076BD60
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_007A1D600_2_007A1D60
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00747D500_2_00747D50
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00765D400_2_00765D40
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00791D300_2_00791D30
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_007ABD300_2_007ABD30
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_007B6D100_2_007B6D10
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0074FD000_2_0074FD00
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00770DF00_2_00770DF0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0077DDF00_2_0077DDF0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00794DF00_2_00794DF0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0073EDE00_2_0073EDE0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00781DE00_2_00781DE0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0079FDD00_2_0079FDD0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00782DB00_2_00782DB0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0076FE700_2_0076FE70
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00762E700_2_00762E70
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00779E600_2_00779E60
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0074DE300_2_0074DE30
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0077AE300_2_0077AE30
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_007AFE300_2_007AFE30
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00759E200_2_00759E20
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00748E100_2_00748E10
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00753EF00_2_00753EF0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00757EF00_2_00757EF0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0073DEE00_2_0073DEE0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00786ED00_2_00786ED0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00785ED00_2_00785ED0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00766EC00_2_00766EC0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_007ADEC00_2_007ADEC0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00787E800_2_00787E80
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00799E800_2_00799E80
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_007AAF700_2_007AAF70
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0073BF600_2_0073BF60
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00775F500_2_00775F50
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_007A2F400_2_007A2F40
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00763F200_2_00763F20
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_007A1F100_2_007A1F10
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0078DFF00_2_0078DFF0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00796FF00_2_00796FF0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_0076CFE00_2_0076CFE0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_007B3FE00_2_007B3FE0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00742FC00_2_00742FC0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_00745F900_2_00745F90
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C8E62_2_0043C8E6
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040C0712_2_0040C071
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040D0012_2_0040D001
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004070012_2_00407001
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004090012_2_00409001
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C0012_2_0043C001
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A0112_2_0040A011
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043D0112_2_0043D011
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004040312_2_00404031
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004260312_2_00426031
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004060F12_2_004060F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004070F12_2_004070F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A0F12_2_0040A0F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C0F12_2_0043C0F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043D0F12_2_0043D0F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0042A0F12_2_0042A0F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004050812_2_00405081
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004080912_2_00408091
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041E0A12_2_0041E0A1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004081512_2_00408151
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004091712_2_00409171
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040F1112_2_0040F111
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040C1112_2_0040C111
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004041112_2_00404111
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004281C12_2_004281C1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004061D12_2_004061D1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041D1E12_2_0041D1E1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004081F12_2_004081F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041E1812_2_0041E181
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A1912_2_0040A191
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C1912_2_0043C191
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004041B12_2_004041B1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004092412_2_00409241
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040C2412_2_0040C241
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0044025F2_2_0044025F
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004042612_2_00404261
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004062712_2_00406271
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004072112_2_00407211
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043B21F2_2_0043B21F
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C2212_2_0043C221
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C2C12_2_0043C2C1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043B2F12_2_0043B2F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004052812_2_00405281
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A2812_2_0040A281
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041E2912_2_0041E291
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004072A12_2_004072A1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004202B12_2_004202B1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004073412_2_00407341
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A3512_2_0040A351
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041E3712_2_0041E371
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043A3712_2_0043A371
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004093012_2_00409301
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040C3112_2_0040C311
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004253202_2_00425320
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004283C12_2_004283C1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004093D12_2_004093D1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004073E12_2_004073E1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043B3E12_2_0043B3E1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004043812_2_00404381
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004083812_2_00408381
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040D3B12_2_0040D3B1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004054612_2_00405461
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004064612_2_00406461
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A4612_2_0040A461
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040D4712_2_0040D471
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043A4712_2_0043A471
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040C4012_2_0040C401
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040F4012_2_0040F401
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004084312_2_00408431
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004044D12_2_004044D1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004064F12_2_004064F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040C4A12_2_0040C4A1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004094A12_2_004094A1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043B4B12_2_0043B4B1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C4B12_2_0043C4B1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A5512_2_0040A551
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C5512_2_0043C551
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043A5612_2_0043A561
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004085012_2_00408501
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004075012_2_00407501
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004285012_2_00428501
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040D5212_2_0040D521
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040D5C12_2_0040D5C1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004055C12_2_004055C1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040E5C12_2_0040E5C1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004085D12_2_004085D1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C5F12_2_0043C5F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040B5912_2_0040B591
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004095912_2_00409591
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004045912_2_00404591
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004096412_2_00409641
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004076112_2_00407611
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004066212_2_00406621
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004056D12_2_004056D1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040C6E12_2_0040C6E1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004046E12_2_004046E1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040D6812_2_0040D681
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043C6812_2_0043C681
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040B6A12_2_0040B6A1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A7412_2_0040A741
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040B7412_2_0040B741
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004067612_2_00406761
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004057712_2_00405771
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004097112_2_00409711
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004077112_2_00407711
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004087312_2_00408731
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004397D12_2_004397D1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004087E12_2_004087E1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004097E12_2_004097E1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A7E12_2_0040A7E1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040B7F12_2_0040B7F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004047812_2_00404781
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040E7A12_2_0040E7A1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004077B12_2_004077B1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040E8412_2_0040E841
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004058612_2_00405861
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004048712_2_00404871
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040C8012_2_0040C801
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004068012_2_00406801
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A8F12_2_0040A8F1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004078912_2_00407891
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040B8A12_2_0040B8A1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004098B12_2_004098B1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004069412_2_00406941
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040E9512_2_0040E951
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040D9712_2_0040D971
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040B9712_2_0040B971
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004089112_2_00408911
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040C9212_2_0040C921
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004049212_2_00404921
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004059212_2_00405921
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041F9312_2_0041F931
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043B9312_2_0043B931
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_004059D12_2_004059D1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041C9812_2_0041C981
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040A9A12_2_0040A9A1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040CA512_2_0040CA51
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00406A612_2_00406A61
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00405A712_2_00405A71
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040AA712_2_0040AA71
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041FA012_2_0041FA01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040FA012_2_0040FA01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043CA012_2_0043CA01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00404A112_2_00404A11
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00401A212_2_00401A21
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00408A312_2_00408A31
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043CAD12_2_0043CAD1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00409AF12_2_00409AF1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040DA812_2_0040DA81
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00407A912_2_00407A91
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0042DB612_2_0042DB61
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041EB712_2_0041EB71
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00403B012_2_00403B01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00405B112_2_00405B11
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00401B212_2_00401B21
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00408B212_2_00408B21
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040AB312_2_0040AB31
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00404B312_2_00404B31
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043BB312_2_0043BB31
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00403BC12_2_00403BC1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00404BC12_2_00404BC1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00426BD12_2_00426BD1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040DBE12_2_0040DBE1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00407BF12_2_00407BF1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00406B812_2_00406B81
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040CBA12_2_0040CBA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040EBA12_2_0040EBA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043CBA12_2_0043CBA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0042EBA12_2_0042EBA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040BBB12_2_0040BBB1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00409BB12_2_00409BB1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040CC412_2_0040CC41
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00439C512_2_00439C51
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043CC612_2_0043CC61
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00406C712_2_00406C71
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040BC712_2_0040BC71
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00426C712_2_00426C71
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00408C212_2_00408C21
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00405C212_2_00405C21
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040EC312_2_0040EC31
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043ECC12_2_0043ECC1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00404CE12_2_00404CE1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00403C812_2_00403C81
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00409CA12_2_00409CA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043BCA12_2_0043BCA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00407CB12_2_00407CB1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00420CB12_2_00420CB1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040BD512_2_0040BD51
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0042DD512_2_0042DD51
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00409D612_2_00409D61
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041ED012_2_0041ED01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00406D012_2_00406D01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040CD012_2_0040CD01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040DD012_2_0040DD01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040ED012_2_0040ED01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043CD012_2_0043CD01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00405D112_2_00405D11
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00408D312_2_00408D31
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00426D312_2_00426D31
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00407DD12_2_00407DD1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040DDD12_2_0040DDD1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00426DD12_2_00426DD1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043CDE12_2_0043CDE1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00406DF12_2_00406DF1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00403DA12_2_00403DA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040CDA12_2_0040CDA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043BDB12_2_0043BDB1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040CE412_2_0040CE41
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043BE712_2_0043BE71
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040AE012_2_0040AE01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00404E012_2_00404E01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00408E012_2_00408E01
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00405E112_2_00405E11
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00403E312_2_00403E31
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00409ED12_2_00409ED1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00403ED12_2_00403ED1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040BEE12_2_0040BEE1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00406E912_2_00406E91
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00429E912_2_00429E91
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0041AEA12_2_0041AEA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0040DEA12_2_0040DEA1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_00408EB12_2_00408EB1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_0043CEB12_2_0043CEB1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Code function: String function: 007B9440 appears 68 times
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Code function: String function: 007BE178 appears 36 times
    Source: 4hQFnbWlj8.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: 4hQFnbWlj8.exe Static PE information: Section: .bss ZLIB complexity 1.0003243284493284
    Source: classification engine Classification label: mal92.troj.evad.winEXE@4/3@2/3
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199803837316[1].htm
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5352:120:WilError_03
    Source: 4hQFnbWlj8.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: 4hQFnbWlj8.exe Virustotal: Detection: 76%
    Source: 4hQFnbWlj8.exe ReversingLabs: Detection: 71%
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe File read: C:\Users\user\Desktop\4hQFnbWlj8.exe
    Source: unknown Process created: C:\Users\user\Desktop\4hQFnbWlj8.exe "C:\Users\user\Desktop\4hQFnbWlj8.exe"
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Process created: C:\Users\user\Desktop\4hQFnbWlj8.exe "C:\Users\user\Desktop\4hQFnbWlj8.exe"
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Process created: C:\Users\user\Desktop\4hQFnbWlj8.exe "C:\Users\user\Desktop\4hQFnbWlj8.exe"
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: textinputframework.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: coreuicomponents.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: coremessaging.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: ntmarta.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: coremessaging.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: wintypes.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: wintypes.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: wintypes.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: textshaping.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: rstrtmgr.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: ncrypt.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: ntasn1.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: dbghelp.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: iertutil.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: profapi.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: winhttp.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: winnsi.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: urlmon.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: srvcli.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: netutils.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: schannel.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: mskeyprotect.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: msasn1.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: dpapi.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: cryptsp.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: rsaenh.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: gpapi.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe Section loaded: ncryptsslp.dll
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
    Source: 4hQFnbWlj8.exeStatic file information: File size 1122304 > 1048576
    Source: 4hQFnbWlj8.exeStatic PE information: section name: .00cfg
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_007B9524 push ecx; ret 0_2_007B9537
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 2_2_007B9524 push ecx; ret 2_2_007B9537
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_007B974D GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_007B974D
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

    Malware Analysis System Evasion

    Source: 4hQFnbWlj8.exe | Binary or memory string: DIR_WATCH.DLL
    Source: 4hQFnbWlj8.exe | Binary or memory string: SBIEDLL.DLL
    Source: 4hQFnbWlj8.exe | Binary or memory string: API_LOG.DLL
    Source: 4hQFnbWlj8.exe, 00000002.00000002.3623248691.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: <EABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/%HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION4@
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | API coverage: 7.2 %
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | API coverage: 8.0 %
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe TID: 1900 | Thread sleep time: -60000s >= -30000s
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Code function: 0_2_007C361F FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_007C361F
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Thread delayed: delay time: 60000
    Source: 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000065F000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: VMwareVMware
    Source: 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000A93000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
    Source: 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000A64000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWH
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Code function: 0_2_007B90E0 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007B90E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Code function: 0_2_007D61A9 mov edi, dword ptr fs:[00000030h] 0_2_007D61A9
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Code function: 2_2_004015DF mov eax, dword ptr fs:[00000030h] 2_2_004015DF
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Code function: 2_2_00401661 mov eax, dword ptr fs:[00000030h] 2_2_00401661
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Code function: 2_2_0040190C test dword ptr fs:[00000030h], 00000068h 2_2_0040190C
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Code function: 0_2_007BFB4D GetProcessHeap,0_2_007BFB4D
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Code function: 0_2_007B905A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_007B905A
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Code function: 0_2_007B90E0 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007B90E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Code function: 0_2_007B90D4 SetUnhandledExceptionFilter,0_2_007B90D4
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Code function: 0_2_007BDECA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_007BDECA
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Code function: 2_2_007B905A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_007B905A
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Code function: 2_2_007B90E0 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_007B90E0
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Code function: 2_2_007B90D4 SetUnhandledExceptionFilter,2_2_007B90D4
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Code function: 2_2_007BDECA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_007BDECA

    HIPS / PFW / Operating System Protection Evasion

    Source: C:\Users\user\Desktop\4hQFnbWlj8.exeCode function: 0_2_007D61A9 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,0_2_007D61A9
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Memory written: C:\Users\user\Desktop\4hQFnbWlj8.exe base: 400000 value starts with: 4D5A
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Process created: C:\Users\user\Desktop\4hQFnbWlj8.exe "C:\Users\user\Desktop\4hQFnbWlj8.exe"
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Code function: 0_2_007B9251 cpuid 0_2_007B9251
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Code function: 0_2_007B9A21 GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,0_2_007B9A21
    Source: C:\Users\user\Desktop\4hQFnbWlj8.exe | Code function: 2_2_0042ED59 GetUserNameA,2_2_0042ED59

    Stealing of Sensitive Information

    Source: Yara match | File source: Process Memory Space: 4hQFnbWlj8.exe PID: 1620, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match | File source: Process Memory Space: 4hQFnbWlj8.exe PID: 1620, type: MEMORYSTR

    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
    Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
    Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
    Privilege Escalation: 211 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
    Defense Evasion: 1 Masquerading; 11 Virtualization/Sandbox Evasion; 211 Process Injection; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 Software Packing; 1 DLL Side-Loading; Indicator Removal from Tools
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
    Discovery: 1 System Time Discovery; 1 Query Registry; 121 Security Software Discovery; 11 Virtualization/Sandbox Evasion; 1 Account Discovery; 1 System Owner/User Discovery; 1 File and Directory Discovery; 12 System Information Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
    Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
    Command and Control: 11 Encrypted Channel; 2 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 13 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement

    Source | Detection | Scanner | Label
    4hQFnbWlj8.exe | 76% | Virustotal |
    4hQFnbWlj8.exe | 71% | ReversingLabs | Win32.Trojan.LummaC
    4hQFnbWlj8.exe | 100% | Joe Sandbox ML |
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches

    Source | Detection | Scanner | Label
    https://95.217.25.228/Ek | 100% | Avira URL Cloud | malware
    https://community.cloudflar4dlp | 0% | Avira URL Cloud | safe
    https://95.217.25.228 | 100% | Avira URL Cloud | malware
    https://95.217.25.228/kEf | 100% | Avira URL Cloud | malware
    https://web.telegram.orgPj | 0% | Avira URL Cloud | safe
    https://store.steampower | 0% | Avira URL Cloud | safe
    https://95.217.25.228/ | 100% | Avira URL Cloud | malware
    https://95.217.25.228/R | 100% | Avira URL Cloud | malware
    https://95.217.25.228/V | 100% | Avira URL Cloud | malware
    https://community.cloudflar/economy.js?v=nWrdv801aW2D&l=english&_cdn=cloudflare | 0% | Avira URL Cloud | safe
    https://steam..a | 0% | Avira URL Cloud | safe
    https://store.steampowerps | 0% | Avira URL Cloud | safe
    https://95.217.25.228/z | 100% | Avira URL Cloud | malware
    https://95.217.25.228/~ | 100% | Avira URL Cloud | malware

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    steamcommunity.com | 104.102.49.254 | true | false | | high
    t.me | 149.154.167.99 | true | false | | high

    Name | Malicious | Antivirus Detection | Reputation
    https://steamcommunity.com/profiles/76561199803837316 | false | | high

    Name | Source | Malicious | Antivirus Detection | Reputation
                                                                    high
                                                                    https://store.steampower4hQFnbWlj8.exe, 00000002.00000002.3623211559.00000000001C2000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://store.steampowered.com/privacy_agreement/4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623211559.00000000001C2000.00000004.00000010.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                      high
                                                                      https://store.steampowered.com/points/shop/4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.3426118271.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2472405375.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                        high
                                                                        https://t.me/gv4dlpom4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://95.217.25.228/4hQFnbWlj8.exe, 00000002.00000003.2108265443.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000A7A000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117303261.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2108156927.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000A37000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: malware
                                                                          unknown
                                                                          https://sketchfab.com4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://lv.queniujq.cn4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://www.youtube.com/4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2108156927.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://steamcommunity.com/_U4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://store.steampowered.com/privacy_agreement/4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2472405375.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                    high
                                                                                    https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=EZbG2DEumYDH&amp;l=engli4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                      high
                                                                                      https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2108156927.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&amp;l=engli4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                          high
                                                                                          https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2472405375.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                            high
                                                                                            https://community.cloudflar/economy.js?v=nWrdv801aW2D&l=english&_cdn=cloudflare4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://95.217.25.228/kEf4hQFnbWlj8.exe, 00000002.00000003.2108265443.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2108156927.0000000000AAA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: malware
                                                                                            unknown
                                                                                            https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620164hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.3426118271.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2472405375.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                              high
                                                                                              https://steamcommunity.com/profiles/76561199803837316(4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://www.google.com/recaptcha/4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://checkout.steampowered.com/4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://steamcommunity.com/mark4hQFnbWlj8.exe, 00000002.00000003.3426118271.0000000000B37000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.3426118271.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2472405375.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                        high
                                                                                                        https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                          high
                                                                                                          https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.3426118271.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2472405375.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                            high
                                                                                                            https://store.steampowered.com/;4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2108156927.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://store.steampowered.com/about/76561199803837316[1].htm.2.drfalse
                                                                                                                high
                                                                                                                https://community.cloudflare.steamstatic.com/4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://community.cloudflare.steamstatic.com/public/javascript/reporte4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://steamcommunity.com/my/wishlist/4hQFnbWlj8.exe, 00000002.00000003.2108239485.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623989460.0000000000B30000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.3426118271.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623248691.000000000047B000.00000040.00000400.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000A9F000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2472405375.0000000000B03000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 76561199803837316[1].htm0.2.dr, 76561199803837316[1].htm.2.drfalse
                                                                                                                      high
                                                                                                                      https://t.me/4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000A7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&amp;l=76561199803837316[1].htm.2.drfalse
                                                                                                                          high
                                                                                                                          https://steamcommunity.com/aubg4hQFnbWlj8.exe, 00000002.00000003.2108265443.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2117370532.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2450649285.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.1787276521.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2129979215.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2108156927.0000000000AAA000.00000004.00000020.00020000.00000000.sdmp, 4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://web.telegram.org4hQFnbWlj8.exe, 00000002.00000003.2460145918.0000000000AA6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://95.217.25.228/R4hQFnbWlj8.exe, 00000002.00000002.3623776876.0000000000AA5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: malware
                                                                                                                              unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false
95.217.25.228 | unknown | Germany | 24940 | HETZNER-ASDE | false
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1587653
Start date and time: 2025-01-10 16:30:20 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 14s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 4hQFnbWlj8.exe
renamed because original name is a hash value
Original Sample Name: d0379319a04dc9cfb050269fb99c68d574d11e3b10da6a10b8a984eb6b1324d4.exe
Detection: MAL
Classification: mal92.troj.evad.winEXE@4/3@2/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 82%
• Number of executed functions: 19
• Number of non-executed functions: 210
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.45
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, 7.4.8.4.4.3.1.4.0.0.0.0.0.0.0.0.0.0.0.a.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
No simulations
                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                        davies.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                        FeedStation.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                        DodSussex.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                        DangerousMidlands.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                        PortugalForum_nopump.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                        fghj.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                        CondosGold_nopump.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                        No context
                                                                                                                                                                                        Process:C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3254)
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):35600
                                                                                                                                                                                        Entropy (8bit):5.370836879105523
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:768:l5pq/Ku4fmBC5ReOpDLzQlFbaXfsW9l+X9hJYFn5OMF5CBHxaXfsW9l+X9hJYM2e:l58/Ku4fmBC5ReOpDLabaXfsW9l+X9hD
                                                                                                                                                                                        MD5:45A1576789EE57AFFE30F2A99C5691CE
                                                                                                                                                                                        SHA1:DCFD42EEF531FFE382EE2A89A979336A2763629F
                                                                                                                                                                                        SHA-256:14F5FD30FD467ACE945D19AF13165417A1284CE26BE055F27D443A3EE80915DD
                                                                                                                                                                                        SHA-512:4A19A584949A4DB3AF703C9C01988ECEE4050772F55310AB275C936EAE3D117B9230AC98EA89AE66D6CEDA68DE0BDA06D60C5910015262A1067AB9B14C8678DA
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:<!DOCTYPE html>.<html class=" responsive" lang="en">.<head>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">....<meta name="viewport" content="width=device-width,initial-scale=1">...<meta name="theme-color" content="#171a21">...<title>Steam Community :: g88pa https://95.217.25.228|</title>..<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">.......<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=sd6kCnGQW5Ji&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=i_iuPUaT8
                                                                                                                                                                                        Process:C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3254)
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):35600
                                                                                                                                                                                        Entropy (8bit):5.370926103888289
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:768:l5pq/Ku4fmBC5ReOpDLzQlFbaXfsW9l+X9hJYFn5OMF5CBHxaXfsW9l+X9hJYM2w:l58/Ku4fmBC5ReOpDLabaXfsW9l+X9ht
                                                                                                                                                                                        MD5:5C315FCE0258F3A6614CCB6FA2996B39
                                                                                                                                                                                        SHA1:92F0E4C0D9A6DFF1DFCE0351D331CE2CA9D623E6
                                                                                                                                                                                        SHA-256:99CC7F8D4D7EE21E90D7B0B7D5FA85AEC226550BD2B286516BE038FA2133D36F
                                                                                                                                                                                        SHA-512:C0D66A4B71AA85D687CDBDF6C7B4B9C8247B3497124964C526E90B6FE410DE3D7788D2C6AD48A5533757EC493F06E2F2BD706CCBEFFEF38F449A5C0A9912A521
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Preview:<!DOCTYPE html>.<html class=" responsive" lang="en">.<head>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">....<meta name="viewport" content="width=device-width,initial-scale=1">...<meta name="theme-color" content="#171a21">...<title>Steam Community :: g88pa https://95.217.25.228|</title>..<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">.......<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=sd6kCnGQW5Ji&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=i_iuPUaT8
                                                                                                                                                                                        Process:C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3:V:V
                                                                                                                                                                                        MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                                                                                                                                                        SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                                                                                                                                                        SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                                                                                                                                                        SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                        Reputation:high, very likely benign file
                                                                                                                                                                                        Preview:0
                                                                                                                                                                                        File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                        Entropy (8bit):7.391713485730794
                                                                                                                                                                                        TrID:
                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                        File name:4hQFnbWlj8.exe
                                                                                                                                                                                        File size:1'122'304 bytes
                                                                                                                                                                                        MD5:4ce2ce1838b14b0dda1477b7d5c57e9e
                                                                                                                                                                                        SHA1:2a325cbebf2b6e5dc0a86a515673f78a215b8877
                                                                                                                                                                                        SHA256:d0379319a04dc9cfb050269fb99c68d574d11e3b10da6a10b8a984eb6b1324d4
                                                                                                                                                                                        SHA512:b9d533eb829f0a91180ec68f5b2adc341ed6f0cb0391452823763a09d7cac39e0f9dc62c0679e30dba94b0ff647d7ee9426f886ebb879697a2efd8d787229cad
                                                                                                                                                                                        SSDEEP:24576:vEN/si2azuLhn21szZkveEPNoYeOvxV3mhfyHU4Cvb6cnZOmKOWA7:ONz3aWeE6YTifyHU4CD6cZoO5
                                                                                                                                                                                        TLSH:D6355B04E911D1AFFE0D59B2915882C85C539B200F71C9E7BEAD6E253FEE7B21C26352
                                                                                                                                                                                        File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...?3Hg..........................................@.......................................@..................................;..P..
                                                                                                                                                                                        Icon Hash:90cececece8e8eb0
                                                                                                                                                                                        Entrypoint:0x489dec
                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                        Subsystem:windows cui
                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NO_ISOLATION, TERMINAL_SERVER_AWARE
                                                                                                                                                                                        Time Stamp:0x6748333F [Thu Nov 28 09:09:19 2024 UTC]
                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                        OS Version Major:6
                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                        File Version Major:6
                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                        Import Hash:bb056fb7e1da8cae84145e3bec77d9d4
                                                                                                                                                                                        Instruction
                                                                                                                                                                                        call 00007FF7F869C40Ah
                                                                                                                                                                                        jmp 00007FF7F869C279h
                                                                                                                                                                                        mov ecx, dword ptr [004A7584h]
                                                                                                                                                                                        push esi
                                                                                                                                                                                        push edi
                                                                                                                                                                                        mov edi, BB40E64Eh
                                                                                                                                                                                        mov esi, FFFF0000h
                                                                                                                                                                                        cmp ecx, edi
                                                                                                                                                                                        je 00007FF7F869C406h
                                                                                                                                                                                        test esi, ecx
                                                                                                                                                                                        jne 00007FF7F869C428h
                                                                                                                                                                                        call 00007FF7F869C431h
                                                                                                                                                                                        mov ecx, eax
                                                                                                                                                                                        cmp ecx, edi
                                                                                                                                                                                        jne 00007FF7F869C409h
                                                                                                                                                                                        mov ecx, BB40E64Fh
                                                                                                                                                                                        jmp 00007FF7F869C410h
                                                                                                                                                                                        test esi, ecx
                                                                                                                                                                                        jne 00007FF7F869C40Ch
                                                                                                                                                                                        or eax, 00004711h
                                                                                                                                                                                        shl eax, 10h
                                                                                                                                                                                        or ecx, eax
                                                                                                                                                                                        mov dword ptr [004A7584h], ecx
                                                                                                                                                                                        not ecx
                                                                                                                                                                                        pop edi
                                                                                                                                                                                        mov dword ptr [004A7580h], ecx
                                                                                                                                                                                        pop esi
                                                                                                                                                                                        ret
                                                                                                                                                                                        push ebp
                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                        sub esp, 14h
                                                                                                                                                                                        and dword ptr [ebp-0Ch], 00000000h
                                                                                                                                                                                        lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                        and dword ptr [ebp-08h], 00000000h
                                                                                                                                                                                        push eax
                                                                                                                                                                                        call dword ptr [004A3E30h]
                                                                                                                                                                                        mov eax, dword ptr [ebp-08h]
                                                                                                                                                                                        xor eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                        mov dword ptr [ebp-04h], eax
                                                                                                                                                                                        call dword ptr [004A3DECh]
                                                                                                                                                                                        xor dword ptr [ebp-04h], eax
                                                                                                                                                                                        call dword ptr [004A3DE8h]
                                                                                                                                                                                        xor dword ptr [ebp-04h], eax
                                                                                                                                                                                        lea eax, dword ptr [ebp-14h]
                                                                                                                                                                                        push eax
                                                                                                                                                                                        call dword ptr [004A3E7Ch]
                                                                                                                                                                                        mov eax, dword ptr [ebp-10h]
                                                                                                                                                                                        lea ecx, dword ptr [ebp-04h]
                                                                                                                                                                                        xor eax, dword ptr [ebp-14h]
                                                                                                                                                                                        xor eax, dword ptr [ebp-04h]
                                                                                                                                                                                        xor eax, ecx
                                                                                                                                                                                        leave
                                                                                                                                                                                        ret
                                                                                                                                                                                        mov eax, 00004000h
                                                                                                                                                                                        ret
                                                                                                                                                                                        push 004A9F00h
                                                                                                                                                                                        call dword ptr [004A3E58h]
                                                                                                                                                                                        ret
                                                                                                                                                                                        mov al, 01h
                                                                                                                                                                                        ret
                                                                                                                                                                                        push 00030000h
                                                                                                                                                                                        push 00010000h
                                                                                                                                                                                        push 00000000h
                                                                                                                                                                                        call 00007FF7F869FD01h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa3b80 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xad000 | 0x4eac | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xa08c8 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x9d4b0 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xa3d80 | 0x1b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9aa4a | 0x9ac00 | 51cea9163c25a66dbd0f4334aba7a1d8 | False | 0.37038223192649433 | data | 6.647891981343546 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x902c | 0x9200 | b2fc8022f0ee28ee55dccbd98c0ad6a4 | False | 0.440255779109589 | TeX font metric data | 5.000677868033684 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa6000 | 0x45ec | 0x2200 | 2afda32a0303344a92e89994b1f98098 | False | 0.322265625 | data | 5.341604192494311 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.00cfg | 0xab000 | 0x8 | 0x200 | acb3c1b9f0ee872b31028ec712d9625b | False | 0.03125 | OpenPGP Public Key | 0.06116285224115448 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls | 0xac000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0xad000 | 0x4eac | 0x5000 | 95f38d2925dfbd52937d2a6173327064 | False | 0.739990234375 | data | 6.700858066983583 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.bss | 0xb2000 | 0x66600 | 0x66600 | a1cad7b361cbf3f3bc118bb43bf3d7c5 | False | 1.0003243284493284 | data | 7.999546477236083 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
DLL | Import
KERNEL32.dll | AcquireSRWLockExclusive, CloseHandle, CloseThreadpoolWork, CompareStringW, CreateEventW, CreateFileW, CreateThreadpoolWork, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, ExitProcess, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryWhenCallbackReturns, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileSize, GetFileSizeEx, GetFileType, GetLastError, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitOnceBeginInitialize, InitOnceComplete, InitializeConditionVariable, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, InitializeSRWLock, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadFile, ReleaseSRWLockExclusive, ResetEvent, RtlUnwind, SetEnvironmentVariableW, SetEvent, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SleepConditionVariableCS, SleepConditionVariableSRW, SubmitThreadpoolWork, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryEnterCriticalSection, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, WaitForSingleObjectEx, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile
USER32.dll | BeginPaint, CreateWindowExW, DefWindowProcW, DispatchMessageW, EndPaint, GetMessageW, PostQuitMessage, RegisterClassW, ShowWindow, TranslateMessage, UpdateWindow
GDI32.dll | TextOutW
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-10T16:31:21.475869+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 56834 | 95.217.25.228 | 443 | TCP
2025-01-10T16:31:55.966978+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49733 | 95.217.25.228 | 443 | TCP
2025-01-10T16:32:30.216107+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49743 | 95.217.25.228 | 443 | TCP
2025-01-10T16:33:04.482234+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 56704 | 95.217.25.228 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                        Jan 10, 2025 16:31:23.868578911 CET44349732104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:23.868622065 CET49732443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:23.868654013 CET44349732104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:23.868674040 CET49732443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:23.868693113 CET49732443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:23.873687029 CET44349732104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:23.873773098 CET49732443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:23.878617048 CET44349732104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:23.878741980 CET44349732104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:23.878746033 CET49732443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:23.878999949 CET49732443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:23.878999949 CET49732443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:23.878999949 CET49732443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:23.918757915 CET49733443192.168.2.495.217.25.228
                                                                                                                                                                                        Jan 10, 2025 16:31:23.918818951 CET4434973395.217.25.228192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:23.918926954 CET49733443192.168.2.495.217.25.228
                                                                                                                                                                                        Jan 10, 2025 16:31:23.919277906 CET49733443192.168.2.495.217.25.228
                                                                                                                                                                                        Jan 10, 2025 16:31:23.919297934 CET4434973395.217.25.228192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:55.966978073 CET49733443192.168.2.495.217.25.228
                                                                                                                                                                                        Jan 10, 2025 16:31:55.983026028 CET49741443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:31:55.983063936 CET44349741149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:55.983141899 CET49741443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:31:55.983409882 CET49741443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:31:55.983426094 CET44349741149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:56.617522955 CET44349741149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:56.617683887 CET49741443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:31:56.618236065 CET49741443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:31:56.618251085 CET44349741149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:56.628180027 CET49741443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:31:56.628190041 CET44349741149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:56.879353046 CET44349741149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:56.879381895 CET44349741149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:56.879420042 CET49741443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:31:56.879427910 CET44349741149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:56.879453897 CET44349741149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:56.879471064 CET44349741149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:56.879471064 CET49741443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:31:56.879497051 CET49741443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:31:56.879571915 CET49741443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:31:56.879700899 CET49741443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:31:56.879719019 CET44349741149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:56.894196987 CET49742443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:56.894238949 CET44349742104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:56.894305944 CET49742443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:56.894510984 CET49742443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:56.894521952 CET44349742104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:57.525608063 CET44349742104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:57.525679111 CET49742443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:57.526185989 CET49742443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:57.526204109 CET44349742104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:57.527879953 CET49742443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:57.527893066 CET44349742104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:58.024827003 CET44349742104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:58.024857998 CET44349742104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:58.024874926 CET44349742104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:58.025017023 CET49742443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:58.025049925 CET44349742104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:58.025110006 CET49742443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:58.123934031 CET44349742104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:58.123961926 CET44349742104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:58.124044895 CET49742443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:58.124084949 CET44349742104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:58.124126911 CET49742443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:58.148401022 CET44349742104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:58.148472071 CET49742443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:58.148492098 CET44349742104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:58.148511887 CET44349742104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:58.148530960 CET49742443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:58.148561954 CET49742443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:58.149053097 CET49742443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:31:58.149071932 CET44349742104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:58.162178993 CET49743443192.168.2.495.217.25.228
                                                                                                                                                                                        Jan 10, 2025 16:31:58.162214041 CET4434974395.217.25.228192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:31:58.162308931 CET49743443192.168.2.495.217.25.228
                                                                                                                                                                                        Jan 10, 2025 16:31:58.162560940 CET49743443192.168.2.495.217.25.228
                                                                                                                                                                                        Jan 10, 2025 16:31:58.162570953 CET4434974395.217.25.228192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:32:04.411580086 CET5655853192.168.2.4162.159.36.2
                                                                                                                                                                                        Jan 10, 2025 16:32:04.416449070 CET5356558162.159.36.2192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:32:04.416539907 CET5655853192.168.2.4162.159.36.2
                                                                                                                                                                                        Jan 10, 2025 16:32:04.421386957 CET5356558162.159.36.2192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:32:04.867213011 CET5655853192.168.2.4162.159.36.2
                                                                                                                                                                                        Jan 10, 2025 16:32:04.872419119 CET5356558162.159.36.2192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:32:04.872488976 CET5655853192.168.2.4162.159.36.2
                                                                                                                                                                                        Jan 10, 2025 16:32:30.216106892 CET49743443192.168.2.495.217.25.228
                                                                                                                                                                                        Jan 10, 2025 16:32:30.223268986 CET56688443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:32:30.223328114 CET44356688149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:32:30.223396063 CET56688443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:32:30.223670959 CET56688443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:32:30.223685980 CET44356688149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:32:30.858942032 CET44356688149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:32:30.859000921 CET56688443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:32:30.859440088 CET56688443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:32:30.859451056 CET44356688149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:32:30.861233950 CET56688443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:32:30.861239910 CET44356688149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:32:31.160044909 CET44356688149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:32:31.160069942 CET44356688149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:32:31.160108089 CET44356688149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:32:31.160104990 CET56688443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:32:31.160125017 CET44356688149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:32:31.160130978 CET56688443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:32:31.160186052 CET56688443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:32:31.160465002 CET56688443192.168.2.4149.154.167.99
                                                                                                                                                                                        Jan 10, 2025 16:32:31.160481930 CET44356688149.154.167.99192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:32:31.172440052 CET56694443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:32:31.172478914 CET44356694104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:32:31.172554970 CET56694443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:32:31.172727108 CET56694443192.168.2.4104.102.49.254
                                                                                                                                                                                        Jan 10, 2025 16:32:31.172743082 CET44356694104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:32:31.812964916 CET44356694104.102.49.254192.168.2.4
                                                                                                                                                                                        Jan 10, 2025 16:32:31.813092947 CET56694443192.168.2.4104.102.49.254
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 10, 2025 16:31:21.475868940 CET | 63514 | 53 | 192.168.2.4 | 1.1.1.1
Jan 10, 2025 16:31:21.483450890 CET | 53 | 63514 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 16:31:22.567130089 CET | 62705 | 53 | 192.168.2.4 | 1.1.1.1
Jan 10, 2025 16:31:22.573985100 CET | 53 | 62705 | 1.1.1.1 | 192.168.2.4
Jan 10, 2025 16:32:04.410954952 CET | 53 | 57050 | 162.159.36.2 | 192.168.2.4
Jan 10, 2025 16:32:04.908973932 CET | 53 | 49404 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 10, 2025 16:31:21.475868940 CET | 192.168.2.4 | 1.1.1.1 | 0xc51d | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Jan 10, 2025 16:31:22.567130089 CET | 192.168.2.4 | 1.1.1.1 | 0x5e27 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 10, 2025 16:31:21.483450890 CET | 1.1.1.1 | 192.168.2.4 | 0xc51d | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Jan 10, 2025 16:31:22.573985100 CET | 1.1.1.1 | 192.168.2.4 | 0x5e27 | No error (0) | steamcommunity.com | | 104.102.49.254 | A (IP address) | IN (0x0001) | false

                                                                                                                                                                                        • t.me
                                                                                                                                                                                        • steamcommunity.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 149.154.167.99 | 443 | 1620 | C:\Users\user\Desktop\4hQFnbWlj8.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-10 15:31:22 UTC | 85 | OUT | GET /gv4dlp HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
2025-01-10 15:31:22 UTC | 510 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 10 Jan 2025 15:31:22 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 9539
Connection: close
Set-Cookie: stel_ssid=a0c4b95a829891f942_4047978853111478085; expires=Sat, 11 Jan 2025 15:31:22 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
2025-01-10 15:31:22 UTC | 9539 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @gv4dlp</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49732 | 104.102.49.254 | 443 | 1620 | C:\Users\user\Desktop\4hQFnbWlj8.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 15:31:23 UTC | 119 | OUT | GET /profiles/76561199803837316 HTTP/1.1
                                                                                                                                                                                        Host: steamcommunity.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
2025-01-10 15:31:23 UTC | 1917 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                                        Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Date: Fri, 10 Jan 2025 15:31:23 GMT
                                                                                                                                                                                        Content-Length: 35600
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Set-Cookie: sessionid=e89b77bf5af12dce371ece1e; Path=/; Secure; SameSite=None
                                                                                                                                                                                        Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2025-01-10 15:31:23 UTC | 14467 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2025-01-10 15:31:23 UTC | 16384 | IN | Data Ascii: <a class="submenuitem" href="https://steamcommunity.com/workshop/">Workshop</a><a class="submenuitem" href="https://steamcommunity.com/market/">Market</a><a class="submenuitem"
2025-01-10 15:31:23 UTC | 3768 | IN | Data Ascii: </div></div><div class="profile_header_badgeinfo"><div class="profile_header_badgeinfo_badge_area"><a data-panel="{&quot;focusable&quot;:true,&quot;clickOnActivate&quot;:true}" class="persona_level_btn" href="https
2025-01-10 15:31:23 UTC | 981 | IN | Data Ascii: y <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br><span class="valve_links"><a href="http://store.steampowered.com/privacy_agreement/" target="_


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49741 | 149.154.167.99 | 443 | 1620 | C:\Users\user\Desktop\4hQFnbWlj8.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 15:31:56 UTC | 143 | OUT | GET /gv4dlp HTTP/1.1
                                                                                                                                                                                        Host: t.me
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Cookie: stel_ssid=a0c4b95a829891f942_4047978853111478085
2025-01-10 15:31:56 UTC | 368 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx/1.18.0
                                                                                                                                                                                        Date: Fri, 10 Jan 2025 15:31:56 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Content-Length: 9538
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Cache-control: no-store
                                                                                                                                                                                        X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                        Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                        Strict-Transport-Security: max-age=35768000
2025-01-10 15:31:56 UTC | 9538 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @gv4dlp</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49742 | 104.102.49.254 | 443 | 1620 | C:\Users\user\Desktop\4hQFnbWlj8.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 15:31:57 UTC | 215 | OUT | GET /profiles/76561199803837316 HTTP/1.1
                                                                                                                                                                                        Host: steamcommunity.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Cookie: sessionid=e89b77bf5af12dce371ece1e; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
2025-01-10 15:31:58 UTC | 1733 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                                        Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Date: Fri, 10 Jan 2025 15:31:57 GMT
                                                                                                                                                                                        Content-Length: 35600
                                                                                                                                                                                        Connection: close
2025-01-10 15:31:58 UTC | 14651 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2025-01-10 15:31:58 UTC | 16384 | IN | Data Ascii: et/">Market</a><a class="submenuitem" href="https://steamcommunity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">
2025-01-10 15:31:58 UTC | 3584 | IN | Data Ascii: quot;clickOnActivate&quot;:true}" class="persona_level_btn" href="https://steamcommunity.com/profiles/76561199803837316/badges"><div class="persona_name persona_level">Level <div class="friendPlayerLevel lvl_0"><span class="friendPlayerLe
2025-01-10 15:31:58 UTC | 981 | IN | Data Ascii: y <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br><span class="valve_links"><a href="http://store.steampowered.com/privacy_agreement/" target="_


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 56688 | 149.154.167.99 | 443 | 1620 | C:\Users\user\Desktop\4hQFnbWlj8.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 15:32:30 UTC | 143 | OUT | GET /gv4dlp HTTP/1.1
                                                                                                                                                                                        Host: t.me
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Cookie: stel_ssid=a0c4b95a829891f942_4047978853111478085
2025-01-10 15:32:31 UTC | 368 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx/1.18.0
                                                                                                                                                                                        Date: Fri, 10 Jan 2025 15:32:31 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Content-Length: 9539
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Cache-control: no-store
                                                                                                                                                                                        X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                        Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                        Strict-Transport-Security: max-age=35768000
2025-01-10 15:32:31 UTC | 9539 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @gv4dlp</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 56694 | 104.102.49.254 | 443 | 1620 | C:\Users\user\Desktop\4hQFnbWlj8.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 15:32:31 UTC | 215 | OUT | GET /profiles/76561199803837316 HTTP/1.1
                                                                                                                                                                                        Host: steamcommunity.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Cookie: sessionid=e89b77bf5af12dce371ece1e; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
2025-01-10 15:32:32 UTC | 1733 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                                        Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Date: Fri, 10 Jan 2025 15:32:32 GMT
                                                                                                                                                                                        Content-Length: 35600
                                                                                                                                                                                        Connection: close
2025-01-10 15:32:32 UTC | 14651 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2025-01-10 15:32:32 UTC | 16384 | IN | Data Ascii: et/">Market</a><a class="submenuitem" href="https://steamcommunity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">
2025-01-10 15:32:32 UTC | 3584 | IN | Data Ascii: quot;clickOnActivate&quot;:true}" class="persona_level_btn" href="https://steamcommunity.com/profiles/76561199803837316/badges"><div class="persona_name persona_level">Level <div class="friendPlayerLevel lvl_0"><span class="friendPlayerLe
2025-01-10 15:32:32 UTC | 981 | IN | Data Ascii: y <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br><span class="valve_links"><a href="http://store.steampowered.com/privacy_agreement/" target="_


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 56831 | 149.154.167.99 | 443 | 1620 | C:\Users\user\Desktop\4hQFnbWlj8.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 15:33:05 UTC | 143 | OUT | GET /gv4dlp HTTP/1.1
                                                                                                                                                                                        Host: t.me
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Cookie: stel_ssid=a0c4b95a829891f942_4047978853111478085
2025-01-10 15:33:05 UTC | 368 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx/1.18.0
                                                                                                                                                                                        Date: Fri, 10 Jan 2025 15:33:05 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Content-Length: 9539
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Cache-control: no-store
                                                                                                                                                                                        X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                        Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                        Strict-Transport-Security: max-age=35768000
2025-01-10 15:33:05 UTC | 9539 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @gv4dlp</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 56832 | 149.154.167.99 | 443 | 1620 | C:\Users\user\Desktop\4hQFnbWlj8.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 15:34:06 UTC | 143 | OUT | GET /gv4dlp HTTP/1.1
                                                                                                                                                                                        Host: t.me
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Cookie: stel_ssid=a0c4b95a829891f942_4047978853111478085
2025-01-10 15:34:06 UTC | 368 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx/1.18.0
                                                                                                                                                                                        Date: Fri, 10 Jan 2025 15:34:06 GMT
                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                        Content-Length: 9539
                                                                                                                                                                                        Connection: close
                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                        Cache-control: no-store
                                                                                                                                                                                        X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                        Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                        Strict-Transport-Security: max-age=35768000
2025-01-10 15:34:06 UTC | 9539 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @gv4dlp</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 56833 | 104.102.49.254 | 443 | 1620 | C:\Users\user\Desktop\4hQFnbWlj8.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-10 15:34:07 UTC | 215 | OUT | GET /profiles/76561199803837316 HTTP/1.1
                                                                                                                                                                                        Host: steamcommunity.com
                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Cookie: sessionid=e89b77bf5af12dce371ece1e; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
2025-01-10 15:34:07 UTC | 1733 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                        Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                                        Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                        Date: Fri, 10 Jan 2025 15:34:07 GMT
                                                                                                                                                                                        Content-Length: 35600
                                                                                                                                                                                        Connection: close
2025-01-10 15:34:07 UTC | 14651 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2025-01-10 15:34:07 UTC | 16384 | IN | Data Ascii: et/">Market</a><a class="submenuitem" href="https://steamcommunity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">
2025-01-10 15:34:07 UTC | 3584 | IN | Data Ascii: quot;clickOnActivate&quot;:true}" class="persona_level_btn" href="https://steamcommunity.com/profiles/76561199803837316/badges"><div class="persona_name persona_level">Level <div class="friendPlayerLevel lvl_0"><span class="friendPlayerLe
2025-01-10 15:34:07 UTC | 981 | IN | Data Ascii: y <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br><span class="valve_links"><a href="http://store.steampowered.com/privacy_agreement/" target="_



                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                        Start time:10:31:19
                                                                                                                                                                                        Start date:10/01/2025
                                                                                                                                                                                        Path:C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\4hQFnbWlj8.exe"
                                                                                                                                                                                        Imagebase:0x730000
                                                                                                                                                                                        File size:1'122'304 bytes
                                                                                                                                                                                        MD5 hash:4CE2CE1838B14B0DDA1477B7D5C57E9E
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                        Start time:10:31:19
                                                                                                                                                                                        Start date:10/01/2025
                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                        Start time:10:31:20
                                                                                                                                                                                        Start date:10/01/2025
                                                                                                                                                                                        Path:C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\4hQFnbWlj8.exe"
                                                                                                                                                                                        Imagebase:0x730000
                                                                                                                                                                                        File size:1'122'304 bytes
                                                                                                                                                                                        MD5 hash:4CE2CE1838B14B0DDA1477B7D5C57E9E
                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                        Has exited:false


                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                          Execution Coverage:2.7%
                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                          Signature Coverage:24.6%
                                                                                                                                                                                          Total number of Nodes:203
                                                                                                                                                                                          Total number of Limit Nodes:13

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,007D611B,007D610B), ref: 007D633F
                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 007D6352
                                                                                                                                                                                          • Wow64GetThreadContext.KERNEL32(000000A0,00000000), ref: 007D6370
                                                                                                                                                                                          • ReadProcessMemory.KERNELBASE(0000009C,?,007D615F,00000004,00000000), ref: 007D6394
                                                                                                                                                                                          • VirtualAllocEx.KERNELBASE(0000009C,?,?,00003000,00000040), ref: 007D63BF
                                                                                                                                                                                          • WriteProcessMemory.KERNELBASE(0000009C,00000000,?,?,00000000,?), ref: 007D6417
                                                                                                                                                                                          • WriteProcessMemory.KERNELBASE(0000009C,00400000,?,?,00000000,?,00000028), ref: 007D6462
                                                                                                                                                                                          • WriteProcessMemory.KERNELBASE(0000009C,?,?,00000004,00000000), ref: 007D64A0
                                                                                                                                                                                          • Wow64SetThreadContext.KERNEL32(000000A0,029B0000), ref: 007D64DC
                                                                                                                                                                                          • ResumeThread.KERNELBASE(000000A0), ref: 007D64EB
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                                                                                                                                          • String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
                                                                                                                                                                                          • API String ID: 2687962208-3857624555
                                                                                                                                                                                          • Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                                                                                                                                          • Instruction ID: 18dad1dceb74f88b220e6ddeb25c51ce20eebc95c568e6f2f4b3595d3b8e430b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
                                                                                                                                                                                          • Instruction Fuzzy Hash: 67B1F67660028AAFDB60CF68CC80BDA77B5FF88714F158125EA08AB341D774FA51CB94

                                                                                                                                                                                          Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
Similarity
• API ID:
• String ID: ]"-R$]"-R

Strings
Memory Dump Source
• Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
Similarity
• API ID:
• String ID: @^i

APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 007A7094
Memory Dump Source
• Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
Similarity
• API ID: Concurrency::cancel_current_task
• String ID:

Strings
Memory Dump Source
• Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
Similarity
• API ID:
• String ID: 9G3

Strings
Memory Dump Source
• Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
Similarity
• API ID:
• String ID: T

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          control_flow_graph 521 73c5a0-73c60d 522 73c610-73c61e 521->522 523 73c7a7-73c80f call 73c820 call 7bb236 522->523 524 73c624-73c631 522->524 540 73c816 523->540 527 73c637-73c644 524->527 528 73c6b4-73c714 call 73c820 call 7bb236 524->528 534 73c64a-73c657 527->534 535 73c78c-73c7a6 call 7b7d26 527->535 541 73c719-73c787 528->541 543 73c667-73c6af 534->543 544 73c65d-73c662 534->544 540->522 541->540 543->540 544->540
                                                                                                                                                                                          Memory Dump Source
• Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Instruction Fuzzy Hash: 59410A32A002158FDF04DE7CD4A57EF7BF6A78A330F254359D6259B3D1C62E68098B90

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 007B8235: GetModuleHandleExW.KERNEL32(00000002,00000000,007848DE,?,?,007B81F8,?,?,007B81C9,?,?,007848DE,?,?,?,?), ref: 007B8241
                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 007B8316
                                                                                                                                                                                          • FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,8EC73E86,?,?,?,007CB8A7,000000FF), ref: 007B833E
                                                                                                                                                                                          • __Mtx_unlock.LIBCPMT ref: 007B8379
                                                                                                                                                                                          • __Cnd_broadcast.LIBCPMT ref: 007B838A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Mtx_unlock$CallbackCnd_broadcastFreeHandleLibraryModuleReturnsWhen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 420990631-0
                                                                                                                                                                                          • Opcode ID: 70ed34390950e901a9bfd4c1ae0e40aae89ba892fdc209ca6e602bf8682f1772
                                                                                                                                                                                          • Instruction ID: 1e4618ff1ce39facc2d416a113d6a1eaec0f703a719e242813f324442d51ccff
                                                                                                                                                                                          • Opcode Fuzzy Hash: 70ed34390950e901a9bfd4c1ae0e40aae89ba892fdc209ca6e602bf8682f1772
                                                                                                                                                                                          • Instruction Fuzzy Hash: 63119072901600EBCB917F60DD5AB9E77BCFB45F60B04402AF91993291DF3DE800DAA6

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          control_flow_graph 223 7c51ba-7c51dc 224 7c53cf 223->224 225 7c51e2-7c51e4 223->225 228 7c53d1-7c53d5 224->228 226 7c51e6-7c5205 call 7be012 225->226 227 7c5210-7c5233 225->227 236 7c5208-7c520b 226->236 230 7c5239-7c523f 227->230 231 7c5235-7c5237 227->231 230->226 233 7c5241-7c5252 230->233 231->230 231->233 234 7c5254-7c5262 call 7c8b51 233->234 235 7c5265-7c5275 call 7c54e7 233->235 234->235 241 7c52be-7c52d0 235->241 242 7c5277-7c527d 235->242 236->228 243 7c5327-7c5347 WriteFile 241->243 244 7c52d2-7c52d8 241->244 245 7c527f-7c5282 242->245 246 7c52a6-7c52bc call 7c5564 242->246 251 7c5349-7c534f GetLastError 243->251 252 7c5352 243->252 247 7c52da-7c52dd 244->247 248 7c5313-7c5320 call 7c5993 244->248 249 7c528d-7c529c call 7c592b 245->249 250 7c5284-7c5287 245->250 261 7c529f-7c52a1 246->261 255 7c52ff-7c5311 call 7c5b57 247->255 256 7c52df-7c52e2 247->256 268 7c5325 248->268 249->261 250->249 257 7c5367-7c536a 250->257 251->252 254 7c5355-7c5360 252->254 262 7c53ca-7c53cd 254->262 263 7c5362-7c5365 254->263 273 7c52fa-7c52fd 255->273 264 7c536d-7c536f 256->264 265 7c52e8-7c52f5 call 7c5a6e 256->265 257->264 261->254 262->228 263->257 269 7c539d-7c53a9 264->269 270 7c5371-7c5376 264->270 265->273 268->273 276 7c53ab-7c53b1 269->276 277 7c53b3-7c53c5 269->277 274 7c538f-7c5398 call 7c14a1 270->274 275 7c5378-7c538a 270->275 273->261 274->236 275->236 276->224 276->277 277->236
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 007C5564: GetConsoleOutputCP.KERNEL32(8EC73E86,00000000,00000000,?), ref: 007C55C7
                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,?,?,?,007BB6E2,?,007BB944), ref: 007C533F
                                                                                                                                                                                          • GetLastError.KERNEL32(?,007BB6E2,?,007BB944,?,007BB944,?,?,?,?,?,?,?,?,?,?), ref: 007C5349
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2915228174-0
                                                                                                                                                                                          • Opcode ID: ebb13aff87e4b7fcdeeacb19510190ab665a973d33706d513389fc4df19d08ff
                                                                                                                                                                                          • Instruction ID: ec112af56ed7bdfc00d9b0b5c7e46393da77ddd92123630d60ec63047d6a62b4
                                                                                                                                                                                          • Opcode Fuzzy Hash: ebb13aff87e4b7fcdeeacb19510190ab665a973d33706d513389fc4df19d08ff
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C61A1B1900659AFDF11DFA8C844FEEBBB9BF19308F19414DE804A7242D77AE981CB50

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          control_flow_graph 280 7b7cb2-7b7cb5 281 7b7cc4-7b7cc7 call 7be3f4 280->281 283 7b7ccc-7b7ccf 281->283 284 7b7cd1-7b7cd2 283->284 285 7b7cb7-7b7cc2 call 7bd311 283->285 285->281 288 7b7cd3-7b7cd7 285->288 289 7b7cdd-7b8f42 call 7b85a9 call 7b9f57 288->289 290 7b8f43-7b8f73 call 7459e0 call 7b9f57 IsProcessorFeaturePresent 288->290 289->290 301 7b8f7a-7b9059 call 7b905a 290->301 302 7b8f75-7b8f78 290->302 302->301
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 007B8F6B
                                                                                                                                                                                          • ___raise_securityfailure.LIBCMT ref: 007B9053
                                                                                                                                                                                            • Part of subcall function 007B9F57: RaiseException.KERNEL32(E06D7363,00000001,00000003,007B8F5F,6B102C10,?,?,?,007B8F5F,?,007D47BC), ref: 007B9FB7
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionFeaturePresentProcessorRaise___raise_securityfailure
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3749517692-0
                                                                                                                                                                                          • Opcode ID: 865bcfd9e5422aac742ac1a89f4d33318fede284cd2eaeac41410dd841133479
                                                                                                                                                                                          • Instruction ID: 04bc3c36606292be76b9ea9fd06f9b713e6a199f824fd0f47455ac2a7ec32219
                                                                                                                                                                                          • Opcode Fuzzy Hash: 865bcfd9e5422aac742ac1a89f4d33318fede284cd2eaeac41410dd841133479
                                                                                                                                                                                          • Instruction Fuzzy Hash: C0315BB5501304EBDB14EF69FC46B947BB8AB08310F11C12BEB098B6A1E77C9A40CB49

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          control_flow_graph 305 7c5993-7c59e8 call 7b9a90 308 7c5a5d-7c5a6d call 7b7d26 305->308 309 7c59ea 305->309 310 7c59f0 309->310 313 7c59f6-7c59f8 310->313 314 7c59fa-7c59ff 313->314 315 7c5a12-7c5a37 WriteFile 313->315 316 7c5a08-7c5a10 314->316 317 7c5a01-7c5a07 314->317 318 7c5a39-7c5a44 315->318 319 7c5a55-7c5a5b GetLastError 315->319 316->313 316->315 317->316 318->308 320 7c5a46-7c5a51 318->320 319->308 320->310 321 7c5a53 320->321 321->308
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,007C5325,?,007BB944,?,?,?,00000000), ref: 007C5A2F
                                                                                                                                                                                          • GetLastError.KERNEL32(?,007C5325,?,007BB944,?,?,?,00000000,?,?,?,?,?,007BB6E2,?,007BB944), ref: 007C5A55
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 442123175-0
                                                                                                                                                                                          • Opcode ID: 796bc537767c6c5c6cd54dd35889db91a743feb921f3cddfa47b23e515814188
                                                                                                                                                                                          • Instruction ID: 65d9c766082d50c4b83b5094ec66880abcf2aab5fde18bd2ae9a89a9e2d0790a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 796bc537767c6c5c6cd54dd35889db91a743feb921f3cddfa47b23e515814188
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D218230A00619DBCB19CF19DC80EDDB7BABB49301B1481AEE906D7211E635EE82CB65

                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                          control_flow_graph 322 7c02d3-7c02d8 323 7c02da-7c02f2 322->323 324 7c02f4-7c02f8 323->324 325 7c0300-7c0309 323->325 324->325 328 7c02fa-7c02fe 324->328 326 7c031b 325->326 327 7c030b-7c030e 325->327 331 7c031d-7c032a GetStdHandle 326->331 329 7c0317-7c0319 327->329 330 7c0310-7c0315 327->330 332 7c0375-7c0379 328->332 329->331 330->331 333 7c032c-7c032e 331->333 334 7c0357-7c0369 331->334 332->323 335 7c037f-7c0382 332->335 333->334 336 7c0330-7c0339 GetFileType 333->336 334->332 337 7c036b-7c036e 334->337 336->334 338 7c033b-7c0344 336->338 337->332 339 7c034c-7c034f 338->339 340 7c0346-7c034a 338->340 339->332 341 7c0351-7c0355 339->341 340->332 341->332
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,007C01C2,007D4E30,0000000C), ref: 007C031F
                                                                                                                                                                                          • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,007C01C2,007D4E30,0000000C), ref: 007C0331
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileHandleType
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3000768030-0
                                                                                                                                                                                          • Opcode ID: 34de38cfc0f3e3598741828cc9f92daf83d99ea0edaf3441ea04691d131eab48
                                                                                                                                                                                          • Instruction ID: 118e59f7614bc3ddd57f694049cd6c40b93fb0025d59a86ebbf89c59c542d7c2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 34de38cfc0f3e3598741828cc9f92daf83d99ea0edaf3441ea04691d131eab48
                                                                                                                                                                                          • Instruction Fuzzy Hash: 55117F22104781DBCB344A3E8C8CF26ABA5A75B330B38071ED1B6865F1C77CD985D6D5

[Control-flow graph: nodes 485-497, addresses 7c160d-7c165a]
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,6865CFF9,?,007B7CCC,?,?,007457A5,?), ref: 007C163F
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                          • Opcode ID: 12372c48ea690f9360618700f2304dda300c4b8d19df4c121dc99795e20dc8f7
                                                                                                                                                                                          • Instruction ID: 628dea46d707c621e3fb65ed6596dc6790c6abe11840dab345bc98a308b43fe4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 12372c48ea690f9360618700f2304dda300c4b8d19df4c121dc99795e20dc8f7
                                                                                                                                                                                          • Instruction Fuzzy Hash: F2E0E52110121196D63066259D04F9A3BAC9B433B0F9D013DFC14B7192DF1CCD0186A5
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: =Gh|$=Gh|$>j5$>j5$oz|=$'~0$'~0$CbV
                                                                                                                                                                                          • API String ID: 0-1925010860
                                                                                                                                                                                          • Opcode ID: d87430db2588dd12359f0832f13433dba3fa2bcca1be617a7572e01df177149c
                                                                                                                                                                                          • Instruction ID: 9e542619f019cb06e4bbc4f82dd0d965c5c557aafc885d6de6dacd8e69358b13
                                                                                                                                                                                          • Opcode Fuzzy Hash: d87430db2588dd12359f0832f13433dba3fa2bcca1be617a7572e01df177149c
                                                                                                                                                                                          • Instruction Fuzzy Hash: E09237B6A42101CFCF04CE7CD5A87EE3BF2E785360F29D21AD5159B394CA3A9D069B11
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • std::_Throw_future_error.LIBCPMT ref: 0074A1A3
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Throw_future_errorstd::_
                                                                                                                                                                                          • String ID: "8q$"8q
                                                                                                                                                                                          • API String ID: 3785073728-2869087566
                                                                                                                                                                                          • Opcode ID: 5167e28422f4a2252fb9bea4b56137e0a24f1719bd1746d96ea8911b5940ef48
                                                                                                                                                                                          • Instruction ID: 4548636686c8ec7a494c3044ac9bdcb5d315e152e934223cb9dbbed04f3a476a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5167e28422f4a2252fb9bea4b56137e0a24f1719bd1746d96ea8911b5940ef48
                                                                                                                                                                                          • Instruction Fuzzy Hash: C1023372E401058FDB00CE7CE9A93DE7BF2AB45320F258525D915AB394DB3E9909CF52
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __Init_thread_header.LIBCMT ref: 00756B0F
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Init_thread_header
                                                                                                                                                                                          • String ID: 6/=$6/=
                                                                                                                                                                                          • API String ID: 3738618077-3779471209
                                                                                                                                                                                          • Opcode ID: 0c47c2054e4c2aa92c47e2dc5a82b87098bd6fbf3930130dd79c555ca1e8745f
                                                                                                                                                                                          • Instruction ID: e9edeb0d525352511391fc9d4130e99eb8707dca5c92855613fdc105bbc7f9f0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c47c2054e4c2aa92c47e2dc5a82b87098bd6fbf3930130dd79c555ca1e8745f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 73D14436B452068FCB04CE7CC4A53FE3BF1AB81331F698619C9519B395DA7E990E9B40
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: !=}N$!=}N$U,-p$U,-p$_N-$_N-$Y|$Y|
                                                                                                                                                                                          • API String ID: 0-1339201840
                                                                                                                                                                                          • Opcode ID: d799f81355e6abb371cfad5cd1b15948cbef0b6628d7aa47606a8a2457eac13e
                                                                                                                                                                                          • Instruction ID: 7f80a1c66c8dbc0be26a2d6c5db365da6cfeb48b2122566869fac4b9f4663906
                                                                                                                                                                                          • Opcode Fuzzy Hash: d799f81355e6abb371cfad5cd1b15948cbef0b6628d7aa47606a8a2457eac13e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9412F33AA051148FCB05CEBCD9947EE7BF1FB4A350F29851AD401AB394DB3D980AEB05
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __floor_pentium4
                                                                                                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                          • API String ID: 4168288129-2761157908
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00777D1B
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00778397
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentThread
                                                                                                                                                                                          • String ID: p"7$p"7
                                                                                                                                                                                          • API String ID: 2882836952-3456302545
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: yS n$yS n$2P$q{I
                                                                                                                                                                                          • API String ID: 0-446549057
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 007B90EC
                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 007B91B8
                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 007B91D8
                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 007B91E2
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 254469556-0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: (h9$N!"$"r9$"r9
                                                                                                                                                                                          • API String ID: 0-759499846
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 2?k"$2?k"$r9{%$yl)
                                                                                                                                                                                          • API String ID: 0-2442328656
                                                                                                                                                                                          • Opcode ID: 61b9570937c147f255937b7d6823afca782d3b275f04b4857a949ccc2b161309
                                                                                                                                                                                          • Instruction ID: 9ef47c56062ffadd9afec0fea7c9673af05792b724a92901dcb711062e7b6716
                                                                                                                                                                                          • Opcode Fuzzy Hash: 61b9570937c147f255937b7d6823afca782d3b275f04b4857a949ccc2b161309
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C422572E446058FDF04CEBCE4A53EE7BF6AB85320F25821DD611AB794C63EA8458F44
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: h)K$h)K$<di$<di
                                                                                                                                                                                          • API String ID: 0-104553273
                                                                                                                                                                                          • Opcode ID: 04a16f3468e01be6268d0f03ff2ace0e233a008e22d9591be32b91f7aa0d0ad4
                                                                                                                                                                                          • Instruction ID: 203f11005accdcc3b0b7984e52a0bf34e84e2e0b3890f2bb1d8b23fef8e68bc8
                                                                                                                                                                                          • Opcode Fuzzy Hash: 04a16f3468e01be6268d0f03ff2ace0e233a008e22d9591be32b91f7aa0d0ad4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5142C376E40208CFCF08EEB8D4997DE7BF6AB89350F248519D451AB394CA3D9806CF85
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: wd*[
                                                                                                                                                                                          • API String ID: 0-195059857
                                                                                                                                                                                          • Opcode ID: d581b901e9a21d557d8f37bb2df7095b44070a0b1875ed4ed15c44f73ec0cbcd
                                                                                                                                                                                          • Instruction ID: bd9e17eec4039850009a554bbd3b918bd93c7e458cecf344b41ac35797627808
                                                                                                                                                                                          • Opcode Fuzzy Hash: d581b901e9a21d557d8f37bb2df7095b44070a0b1875ed4ed15c44f73ec0cbcd
                                                                                                                                                                                          • Instruction Fuzzy Hash: D7C10476B142058FCB04CF7CD9947EE7BF1AB89320F295229D952AB3D4DA3E5809CB50
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: *fB$*fB$5J`s$5J`s
                                                                                                                                                                                          • API String ID: 0-2631250293
                                                                                                                                                                                          • Opcode ID: 8c9557ffe4f3ede14250c503e9147aae7932e145d7b574f8e96825a06086628e
                                                                                                                                                                                          • Instruction ID: 5af20fd1996d53eb15c4cbbcb47b3ce2deff7dc26174b0d2f122c819baddd5ba
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c9557ffe4f3ede14250c503e9147aae7932e145d7b574f8e96825a06086628e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B021476A09105CFCB08CE7CD5A57EE7BF2AB85320F288119D541AB394DA3E9D05DF50
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: @\][$Q|Jt$Q|Jt
                                                                                                                                                                                          • API String ID: 0-355759107
                                                                                                                                                                                          • Opcode ID: 3ee93930126c60ce65a92cf951d158b7b85e51f7c2b40290341b05640a99299d
                                                                                                                                                                                          • Instruction ID: 9515f68a93c3a0fcf352f6eb6be3272b3bb2756d3a141c9dca4a51a47df7dac3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ee93930126c60ce65a92cf951d158b7b85e51f7c2b40290341b05640a99299d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3DC1E776A801148FCF44DE7CD4A57EE7BF2AB49320F25921AD511AB3E0DA3E5C09CB94
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: J!r.$J!r.$Xkn?
                                                                                                                                                                                          • API String ID: 0-2107863428
                                                                                                                                                                                          • Opcode ID: 1276ed4cacbb0199181ac53c5d3e999df519885cd00c505b0b11939fafeabd94
                                                                                                                                                                                          • Instruction ID: 2b5c2a7f3508bb8a5315cac2973ab4d8ebc58860e640b940c5b75e63529abe9a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1276ed4cacbb0199181ac53c5d3e999df519885cd00c505b0b11939fafeabd94
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2EB14876E04204CFCB08CE7CD9A47EEBBF1AB89351F24811AD8019B360D67E9A099B54
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: W]$W]
                                                                                                                                                                                          • API String ID: 0-91146045
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • std::_Throw_future_error.LIBCPMT ref: 00762C06
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Throw_future_errorstd::_
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3785073728-0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: ,t$,t
                                                                                                                                                                                          • API String ID: 0-3037436286
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: m3g$m3g
                                                                                                                                                                                          • API String ID: 0-4226803479
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Cnd_broadcast
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 465196245-0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: D?i$D?i
                                                                                                                                                                                          • API String ID: 0-130670880
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetSystemTimePreciseAsFileTime.KERNEL32(?,007B968F,00000000,?,?,?,007B9605,00000000,00000000,?,?,007B8E0A,007B8C0E,00000001,BEA8137A), ref: 007B9A3A
                                                                                                                                                                                          • GetSystemTimeAsFileTime.KERNEL32(00000000,00000000,?,007B968F,00000000,?,?,?,007B9605,00000000,00000000,?,?,007B8E0A,007B8C0E,00000001), ref: 007B9A3E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Time$FileSystem$Precise
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 743729956-0
                                                                                                                                                                                          • Opcode ID: 447f07b57ab209c7007c270547dc035f2beac9bbbca446188c1804d0da82e736
                                                                                                                                                                                          • Instruction ID: c5d5eb210b4431dacb3a4f8dcc7fa9a5d59768259af03090cdcdc9ef75177b2a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 447f07b57ab209c7007c270547dc035f2beac9bbbca446188c1804d0da82e736
                                                                                                                                                                                          • Instruction Fuzzy Hash: 27D0C9325161289B8B112B94AC046AD7B79AA05B527098016EB1A562209BAA5D009BD9
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: Kn$Kn
                                                                                                                                                                                          • API String ID: 0-4234865415
                                                                                                                                                                                          • Opcode ID: 538ab609afd9ba7a4b90aa823e2c0475841968c1a15c98b15d42ea28d96e6494
                                                                                                                                                                                          • Instruction ID: c68fad233225d8e52802aa2394f13bfbc5de5d95a5eb3a86ecd640b7f0dff89a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 538ab609afd9ba7a4b90aa823e2c0475841968c1a15c98b15d42ea28d96e6494
                                                                                                                                                                                          • Instruction Fuzzy Hash: 70E147B6A04215CFCF04CE7CD8957EE7BF1EB89310F188229D842AB354CA3E9A05DB55
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: f(r|$ua`
                                                                                                                                                                                          • API String ID: 0-563872743
                                                                                                                                                                                          • Opcode ID: 62953be7d250def5f376448d2ab5729b377107716f1a758b7c98ae131df2bafe
                                                                                                                                                                                          • Instruction ID: 6efc779493459827b7e609eaf40eaec8496bf28144ab194e9e1352f0dc440a87
                                                                                                                                                                                          • Opcode Fuzzy Hash: 62953be7d250def5f376448d2ab5729b377107716f1a758b7c98ae131df2bafe
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6CE12676A41105CFCF44EFBCD9946EE7BF2AB84310F64811AD401A7394DE3A9D0A9F46
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: fJz$fJz
                                                                                                                                                                                          • API String ID: 0-1644437603
                                                                                                                                                                                          • Opcode ID: 9f17f968de9339c2fffc6009be14303b02efe5ccf6324a5996f073ef6babff39
                                                                                                                                                                                          • Instruction ID: d19362937f0638776d15bc8efa6df36cb4e31cca2e1ba3711e6318f747d80f83
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f17f968de9339c2fffc6009be14303b02efe5ccf6324a5996f073ef6babff39
                                                                                                                                                                                          • Instruction Fuzzy Hash: A9D1D472E002048FCF24DFB8D5956EE7BF2EB85321F254619D851AB3A0DA7E9D09CB41
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: ]9v5$]9v5
                                                                                                                                                                                          • API String ID: 0-768807713
                                                                                                                                                                                          • Opcode ID: e7d4499bd77611ead8da8b0714c06572b31f4e75f4abe534bafdc9f8cf31b312
                                                                                                                                                                                          • Instruction ID: 60467467ca0eed671c50d7ef9e744e0ce39bdfdc4f7219eba725f49a60e377f7
                                                                                                                                                                                          • Opcode Fuzzy Hash: e7d4499bd77611ead8da8b0714c06572b31f4e75f4abe534bafdc9f8cf31b312
                                                                                                                                                                                          • Instruction Fuzzy Hash: 15D1E275A04104DFCB09CFBCD9555EDBBF2BBC6300F24822AD901A7358DA399D06DB45
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 7TD*$7TD*
                                                                                                                                                                                          • API String ID: 0-383827924
                                                                                                                                                                                          • Opcode ID: 7a793e8746c8fbc7c0edffba01f95f1b9f8b2ce3b614c9a87f38da3d455fb0e5
                                                                                                                                                                                          • Instruction ID: be1de308e97c9c63ec516f179306a3bd535ecba331f75846b32b38e90b4edbf5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a793e8746c8fbc7c0edffba01f95f1b9f8b2ce3b614c9a87f38da3d455fb0e5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6DC11636A50215CFCF04CE7CE8A57EF7BF6A745320F25521AC951AB390D63E99069BC0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: \Q3o$\Q3o
                                                                                                                                                                                          • API String ID: 0-2051552116
                                                                                                                                                                                          • Opcode ID: 02b75aaee0f74bf6f2125826169b1456008821260bc6cf72571f2f1eed4c95d2
                                                                                                                                                                                          • Instruction ID: 87f58f99386a2bd4b4aba10d97cfd7face2d963f1b78075f0e3c7849f6fa68de
                                                                                                                                                                                          • Opcode Fuzzy Hash: 02b75aaee0f74bf6f2125826169b1456008821260bc6cf72571f2f1eed4c95d2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 39C12676A007048FCF44CEBCC5A57EE7BF2AB85361F3A9115D811AB390DA7D9C0A9B50
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 0|< $QuX?
                                                                                                                                                                                          • API String ID: 0-2321951594
                                                                                                                                                                                          • Opcode ID: 4bc0bca9607a4665e2832cb905306320a80a21648561d622cd9bedb9154148ed
                                                                                                                                                                                          • Instruction ID: 2dc4c9a1d2c4258102b97cefdbcf9958896c77cfe782ade9f0ad7d56b0824f55
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4bc0bca9607a4665e2832cb905306320a80a21648561d622cd9bedb9154148ed
                                                                                                                                                                                          • Instruction Fuzzy Hash: 83B12536A40625CFDF04CE7CE8A87EE3BF2A745330F2A5319D511AB3D1D62E99098B54
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: |SMe$|SMe
                                                                                                                                                                                          • API String ID: 0-1435498636
                                                                                                                                                                                          • Opcode ID: f15ee8ed629fe912fdb57885ddcf82325a6821d7261450732fc6ed939775031a
                                                                                                                                                                                          • Instruction ID: c1e305cb9d1a525a3f2e5c68440f4ce87f058395805209306acec76b3f2872f5
                                                                                                                                                                                          • Opcode Fuzzy Hash: f15ee8ed629fe912fdb57885ddcf82325a6821d7261450732fc6ed939775031a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7CB11476E412158FDB04CE7CD5A47EFBBF1A7CA320F25861AC511AB391C63E5C098B90
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: [(`$[(`
                                                                                                                                                                                          • API String ID: 0-1839716265
                                                                                                                                                                                          • Opcode ID: ef16542992dd61684302abede98de5883f187545277be3ff180ea0ba1184b3c3
                                                                                                                                                                                          • Instruction ID: a66bd933140d094c954ff16845167d5bf89d7445dccc1ead80c261fa779fb25d
                                                                                                                                                                                          • Opcode Fuzzy Hash: ef16542992dd61684302abede98de5883f187545277be3ff180ea0ba1184b3c3
                                                                                                                                                                                          • Instruction Fuzzy Hash: E3B1F636E10219CFCF05CF7CC4953EEBBF5AB49360F298116C856AB391D63A5D05AB90
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: k@hq$k@hq
                                                                                                                                                                                          • API String ID: 0-1264566751
                                                                                                                                                                                          • Opcode ID: a6d2bf03728bc833684ff43225894e4fd8ec4060836b14ccc7df52a0ef485537
                                                                                                                                                                                          • Instruction ID: a5cce7bfa6a68c190cce0be4a9cbaa87e83b0d0128ff671ab7f67c44fe1c8856
                                                                                                                                                                                          • Opcode Fuzzy Hash: a6d2bf03728bc833684ff43225894e4fd8ec4060836b14ccc7df52a0ef485537
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FB10576E005148FCB04CFBCD8957EE7BF2EB85320F254229D951AB3A0D63E9D099B54
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: u8B5$u8B5
                                                                                                                                                                                          • API String ID: 0-1527950420
                                                                                                                                                                                          • Opcode ID: 86583e8cddf29036e66bf8c6963630ba54566a2931649553894dbc5bbf9b53b4
                                                                                                                                                                                          • Instruction ID: 005b32ced8da97380d0bdcfa3844004b1c758c51eeaafdb7464275a6fb6ebf05
                                                                                                                                                                                          • Opcode Fuzzy Hash: 86583e8cddf29036e66bf8c6963630ba54566a2931649553894dbc5bbf9b53b4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 96A10336B042158FCF04CE7CD8A53DE7BF2AB4A321F298625C455EB3D4C72E89059B54
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: Yh66$Yh66
                                                                                                                                                                                          • API String ID: 0-2688580557
                                                                                                                                                                                          • Opcode ID: 39ff78a3cc2531cd5bc7d487b79cc0dd151d51726d9bf8eb76186c72d3709ccc
                                                                                                                                                                                          • Instruction ID: de0f8f188ea5184733baafcc1ff73691eafa17987d6e988545c7d47485beeb48
                                                                                                                                                                                          • Opcode Fuzzy Hash: 39ff78a3cc2531cd5bc7d487b79cc0dd151d51726d9bf8eb76186c72d3709ccc
                                                                                                                                                                                          • Instruction Fuzzy Hash: 78A1F576B442158FCF04CE7CC8987DE7BF2A78A364F198716D841AB3A4C73A9D048B94
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: )V$8.l
                                                                                                                                                                                          • API String ID: 0-3318964368
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: CfM$CfM
                                                                                                                                                                                          • API String ID: 0-3025106272
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: x2?"$x2?"
                                                                                                                                                                                          • API String ID: 0-1313737588
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: Qn$Qn
                                                                                                                                                                                          • API String ID: 0-3188406930
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: =Xwm$=Xwm
                                                                                                                                                                                          • API String ID: 0-633539869
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: }9wk$}9wk
                                                                                                                                                                                          • API String ID: 0-170594621
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: ;#y$;#y
                                                                                                                                                                                          • API String ID: 0-2833862990
                                                                                                                                                                                          • Opcode ID: 31a3a6a0e0e8bca37555d5fa42d81d3a9bfa458a89a88c9a91abdb2bc340ff2e
                                                                                                                                                                                          • Instruction ID: 767d8bad7b67e856d2c13ea461ad3e92768219f7a53698be2b97188ac35baaea
                                                                                                                                                                                          • Opcode Fuzzy Hash: 31a3a6a0e0e8bca37555d5fa42d81d3a9bfa458a89a88c9a91abdb2bc340ff2e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 89416576E402158FCF04DE7CE8A57EE7BF2A745320F16021AC965A73D2C63F590A8B90
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: `#i
                                                                                                                                                                                          • API String ID: 0-441195111
                                                                                                                                                                                          • Opcode ID: 9320e4e20f8bb7666f694f0ebb0ba1c3647f5473c411675003e42ed47bb00b1f
                                                                                                                                                                                          • Instruction ID: 0ab4712d756315a6ffa6fa91bf5e9ab667334648e3ddc89d94d45ddb0bf2ac92
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9320e4e20f8bb7666f694f0ebb0ba1c3647f5473c411675003e42ed47bb00b1f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F82A179A01204CFCB44CFACD5956ADBBF2FB89310F248559D846AB364DB39AD05CF42
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: mvN&
                                                                                                                                                                                          • API String ID: 0-75694934
                                                                                                                                                                                          • Opcode ID: d0a14b6c723876e87f1c94a9fef11196776672df93c74af7dd0ba47c70d0caa6
                                                                                                                                                                                          • Instruction ID: f1eda8fba983e8058775e6da3eee4c52c07a8e1c8f89ab293b4480f9c18192aa
                                                                                                                                                                                          • Opcode Fuzzy Hash: d0a14b6c723876e87f1c94a9fef11196776672df93c74af7dd0ba47c70d0caa6
                                                                                                                                                                                          • Instruction Fuzzy Hash: F8423436A15611CFCB04CE7CD5A47EE7BF2EB85320F28811AD901AB3A5C63E9D05DB44
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: -eG
                                                                                                                                                                                          • API String ID: 0-2733614067
                                                                                                                                                                                          • Opcode ID: 24f4c8348085ca5914f5788c18a8243a0cc054da6aa98a33caa1cfdc1cd3446c
                                                                                                                                                                                          • Instruction ID: 0cb075ede960fe92218906df9d8aacd3b34fa62b325b2bb04a70c24472823a98
                                                                                                                                                                                          • Opcode Fuzzy Hash: 24f4c8348085ca5914f5788c18a8243a0cc054da6aa98a33caa1cfdc1cd3446c
                                                                                                                                                                                          • Instruction Fuzzy Hash: D9421476A005058FCF04CE7CE4A47EE7BF6A789320F258216D961AB3A0D63E9D06DF54
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: #rP
                                                                                                                                                                                          • API String ID: 0-3005770539
                                                                                                                                                                                          • Opcode ID: f0be1b09d1d2222dbb2e1951565b1ff506809ede47d56c3ff4562a5d7c7a18b1
                                                                                                                                                                                          • Instruction ID: f1b28cec43ae03e8ca3846a23ddf370ccff7b09d9581f5f97549605afc4d7d63
                                                                                                                                                                                          • Opcode Fuzzy Hash: f0be1b09d1d2222dbb2e1951565b1ff506809ede47d56c3ff4562a5d7c7a18b1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 92229EB5E002188FCB04DFBCD4A56EEBBF2EB48310F158129EC56AB355DA39AD058F51
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,007CB269,?,?,00000008,?,?,007CAE3B,00000000), ref: 007CB53B
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionRaise
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3997070919-0
                                                                                                                                                                                          • Opcode ID: 6ec0c0f5db8802fd093ed0cc3a125c202660908222d88f0e4a4c3cf5d2bf6cf6
                                                                                                                                                                                          • Instruction ID: fbcc187b62bb6e1d0c85e5a0d23fd353e4c1f0706cc8d810bd2617f9962eeb3d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ec0c0f5db8802fd093ed0cc3a125c202660908222d88f0e4a4c3cf5d2bf6cf6
                                                                                                                                                                                          • Instruction Fuzzy Hash: A0B107316106489FD719CF28C48AF657BA0FF45365F25865CF899CF2A2C739EA92CB40
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: q3b
                                                                                                                                                                                          • API String ID: 0-700147285
                                                                                                                                                                                          • Opcode ID: 4f98cd2fb3e533c167da724e641b780bafaabfd4148216a94f3be9da14d1853f
                                                                                                                                                                                          • Instruction ID: 5e07f6a530b2f45e910ea58f3d497ec09a4abb754f7b02492430798d7fbebe5b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f98cd2fb3e533c167da724e641b780bafaabfd4148216a94f3be9da14d1853f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FE10476A80104CFCB14DFBCD8A57EE7BF2EB88320F25811AD411AB394DA3A9D05DB55
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 007B9267
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FeaturePresentProcessor
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2325560087-0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: *^}
                                                                                                                                                                                          • API String ID: 0-2108712131
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: Unknown exception
                                                                                                                                                                                          • API String ID: 0-410509341
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: ?{
                                                                                                                                                                                          • API String ID: 0-957239399
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: Y]a
                                                                                                                                                                                          • API String ID: 0-2106746526
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: R9#
                                                                                                                                                                                          • API String ID: 0-2883767798
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                          • API String ID: 0-4108050209
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
• Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: ?\{
                                                                                                                                                                                          • API String ID: 0-1873782291
                                                                                                                                                                                          • Opcode ID: 122b4821a146b6407f6b8ba5bc7d55ebb338a40761556945b8e05e06cfa2dfc5
                                                                                                                                                                                          • Instruction ID: ff11eff5bffc4864b3f4f8b60e4436b44483229324fa3cb673c7154cfc3f908a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 122b4821a146b6407f6b8ba5bc7d55ebb338a40761556945b8e05e06cfa2dfc5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D91317AB851149FCF08DF7CD9946EE7BF2FB88344F288119C441AB354CA3D98069BA5
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_000891FB), ref: 007B90D9
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3192549508-0
                                                                                                                                                                                          • Opcode ID: 0d28a1a34a8dfa4e0d705bdc1599b49d7337fd3fd1df72e9d64224731baab892
                                                                                                                                                                                          • Instruction ID: dc692f76a100ed6bd6af68beef9dfffbd0291feb94d3143c9a408d0603033835
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d28a1a34a8dfa4e0d705bdc1599b49d7337fd3fd1df72e9d64224731baab892
                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: *y
                                                                                                                                                                                          • API String ID: 0-2176752194
                                                                                                                                                                                          • Opcode ID: 03cdeca140ce09f245cfe7b7451ecfb1a44de3beb159192af3b14ee02a0796dc
                                                                                                                                                                                          • Instruction ID: 3f4a5e8854c5700ea5f843d4a7afc57c5aa5627052a0f76fdc61af5b8743de3f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 03cdeca140ce09f245cfe7b7451ecfb1a44de3beb159192af3b14ee02a0796dc
                                                                                                                                                                                          • Instruction Fuzzy Hash: B461D076E002158FDF04CFB8D4947EEBBF2AB89320F25821AD815773A0D63A5905CF90
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: cPh
                                                                                                                                                                                          • API String ID: 0-2552021041
                                                                                                                                                                                          • Opcode ID: 386a2435a5f248d04bba76548adc62aa212bc8533aad4143872d01fc0410860d
                                                                                                                                                                                          • Instruction ID: 30b12d47be0362e04344c1b510fcc018a2cb5edbbda878c13d3f621ee4d28645
                                                                                                                                                                                          • Opcode Fuzzy Hash: 386a2435a5f248d04bba76548adc62aa212bc8533aad4143872d01fc0410860d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2251BFB6E042158FCB04CF6CC4907EEBBF6AB89720F15412AD814A73A1C73A5D09CF91
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: eZ
                                                                                                                                                                                          • API String ID: 0-1802043403
                                                                                                                                                                                          • Opcode ID: aa5898b513773067689fbce75231a7bc081089080a5042b1cd9a14f2415e24bf
                                                                                                                                                                                          • Instruction ID: 957903fb3889042095824096454587689d7fbc12adeef12a9abf43632192b2fd
                                                                                                                                                                                          • Opcode Fuzzy Hash: aa5898b513773067689fbce75231a7bc081089080a5042b1cd9a14f2415e24bf
                                                                                                                                                                                          • Instruction Fuzzy Hash: D351C2B6E001158FCF04CFBCE5957DEBBF2AB49324F164219D815A7390D63AA905CFA1
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: DPu_
                                                                                                                                                                                          • API String ID: 0-4027776784
                                                                                                                                                                                          • Opcode ID: a0481d950e589ae9c63553c02297dce042d4b5f73d5668b6d5db72f47e3fa283
                                                                                                                                                                                          • Instruction ID: c242c2b464ba100843984a40439313feb2573366ee33b11a1e6231f68374b191
                                                                                                                                                                                          • Opcode Fuzzy Hash: a0481d950e589ae9c63553c02297dce042d4b5f73d5668b6d5db72f47e3fa283
                                                                                                                                                                                          • Instruction Fuzzy Hash: 975108B6E001158FCB01CF7CD5957EFBBF2AB49320F15421AD866A73D0D62A5D048BE4
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: '
                                                                                                                                                                                          • API String ID: 0-1997036262
                                                                                                                                                                                          • Opcode ID: 338beb4447927bfacde3db50936d35cbcfa8bf381683e21e45c4120ae07d8839
                                                                                                                                                                                          • Instruction ID: 4bb70a1c2db69cdc7fe97a80cd167bf45db46c1b378bcfb7732eb86982d22c37
                                                                                                                                                                                          • Opcode Fuzzy Hash: 338beb4447927bfacde3db50936d35cbcfa8bf381683e21e45c4120ae07d8839
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4841F776A012058FCB04CE7CC5A47EF77F6AB8A324F29821AD916DB391C63B59468F50
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: j+C
                                                                                                                                                                                          • API String ID: 0-1395560066
                                                                                                                                                                                          • Opcode ID: 6dd85187960e3ace07058279294ca9bf3d9a767220e5ac3981a659dda0dbf0f0
                                                                                                                                                                                          • Instruction ID: 11af57d78eaa7d5f00a3ada91fde627b24e31c6c8955b199d93f39aa15ea2576
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6dd85187960e3ace07058279294ca9bf3d9a767220e5ac3981a659dda0dbf0f0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F41D372E406158FCB04CE7CC4947EE7BF5AB59320F25432AC865AB3D0D66A5D08CB91
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: il:
                                                                                                                                                                                          • API String ID: 0-1662848192
                                                                                                                                                                                          • Opcode ID: b073b9d1d5b99983da1e3b7ec4a8846b4e89b5a3000a15884c3a6b676a416f73
                                                                                                                                                                                          • Instruction ID: 6210b91b181a0804bb828219be60ab4a5214514c21f95ee1370479bc605a164c
                                                                                                                                                                                          • Opcode Fuzzy Hash: b073b9d1d5b99983da1e3b7ec4a8846b4e89b5a3000a15884c3a6b676a416f73
                                                                                                                                                                                          • Instruction Fuzzy Hash: CA41F476E441198FDB04CE7CC4947EE7BF2AB49320F15421AD815AB391CA3F5D0A8B91
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: Xu
                                                                                                                                                                                          • API String ID: 0-4284206610
                                                                                                                                                                                          • Opcode ID: fa1265e78a3165bd73627f1cb6383df3395b06e964a48596e5f21f55702e97d9
                                                                                                                                                                                          • Instruction ID: 40db65fa0c9c4a0ea6e1f2cea8875aa47c84b96ea9da779c1f7938949e3e00ff
                                                                                                                                                                                          • Opcode Fuzzy Hash: fa1265e78a3165bd73627f1cb6383df3395b06e964a48596e5f21f55702e97d9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 64412276E402158FDB00CF7CC8847DE7BF2EB89361F264619C925A73A1D63B9D0A8B50
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: }sZ1
                                                                                                                                                                                          • API String ID: 0-4281124016
                                                                                                                                                                                          • Opcode ID: f05c1a303859a8b4d3c813d114fc0f424f59da038075ef5fe17689ccfe319662
                                                                                                                                                                                          • Instruction ID: 1f19cd46356fbae38103fc5b5d5abbe86388783fb92c305ee6647eccff41698b
                                                                                                                                                                                          • Opcode Fuzzy Hash: f05c1a303859a8b4d3c813d114fc0f424f59da038075ef5fe17689ccfe319662
                                                                                                                                                                                          • Instruction Fuzzy Hash: C4417836A805168FCF00DE7CD8A17EF7BF1AB85360F66422AD42497390CA2E5909CF81
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: HeapProcess
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 54951025-0
                                                                                                                                                                                          • Opcode ID: 0a35a04d9afbb17ee33775731c372ecd532a935c887640ea5f35827e4b132d03
                                                                                                                                                                                          • Instruction ID: 4c0ae20a8a4cbbb3962197ea7493e86e276b04511e0e7d57ca39d54f806a68ed
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a35a04d9afbb17ee33775731c372ecd532a935c887640ea5f35827e4b132d03
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5CA00174A032019B97409F35AB09B093BBABA4969170AC06EA415C61B0EA6D89509B0A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: d28d7c270723f817c0e1b55529bb94a96f4724db687253225422ab4b92c46806
                                                                                                                                                                                          • Instruction ID: daee337971ef3d4480601ae92857fa7db30e3ad237caaf62bce8df07998a7017
                                                                                                                                                                                          • Opcode Fuzzy Hash: d28d7c270723f817c0e1b55529bb94a96f4724db687253225422ab4b92c46806
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D828B79A00618CFCB04CFACD4946EEBBF2FB89310F20856AD805AB355DB79A805DF51
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 25ee4f0f2a02afd4f2afb65927578b452b8faf39d162b68b9fc54f7e64dcc2b1
                                                                                                                                                                                          • Instruction ID: 8738bfec0940561160b7d8239a557a0e9d1039eba1f6ca592d42865bad04bc79
                                                                                                                                                                                          • Opcode Fuzzy Hash: 25ee4f0f2a02afd4f2afb65927578b452b8faf39d162b68b9fc54f7e64dcc2b1
                                                                                                                                                                                          • Instruction Fuzzy Hash: B7D1C276B04215CFCF08CEBCC9957EE7BF2AB85324F294229C501AB395DB3D98468B54
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 50dedd90337778439ffe41c48869ed78b00524f93d982992c360facba8d59258
                                                                                                                                                                                          • Instruction ID: 0dfce41d24619845c8332facb27f74c5d3f6dc56fca5ec9d35a64e160d80c7ce
                                                                                                                                                                                          • Opcode Fuzzy Hash: 50dedd90337778439ffe41c48869ed78b00524f93d982992c360facba8d59258
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9AE1E476E102148FCF14DFBCD4952DEBBF2AB88310F25852AD856AB395D6396C09CF80
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 973ba689b8ce278f54b2bec01b043d31c4640fbfeca20382ba54bf6c299d1bd8
                                                                                                                                                                                          • Instruction ID: a6513a723532f0606b440055a57f9287a8a057b1bbc96fe6e52b22945b9e0101
                                                                                                                                                                                          • Opcode Fuzzy Hash: 973ba689b8ce278f54b2bec01b043d31c4640fbfeca20382ba54bf6c299d1bd8
                                                                                                                                                                                          • Instruction Fuzzy Hash: FAD15676A44106CFCF01CEBCE9943ED7BF2AB85320F2A8116D911AB390C23E8C198F54
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 887253355195a301efcd681420c1ea6959d3d1a10f2e93c9b8334aed15722409
                                                                                                                                                                                          • Instruction ID: 4d90b6d9f33225e3a8a228607d8c6fa19731c5f6b0fca0a601c9e36f7d135076
                                                                                                                                                                                          • Opcode Fuzzy Hash: 887253355195a301efcd681420c1ea6959d3d1a10f2e93c9b8334aed15722409
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FF18E75E01204CFCF04CFA8D5956ADBBF2AB88340F24C56AD815AB365DB39AC06CF95
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: da19c9fed97bcd314d9f023111a941a2216130a71d8eb69da5dd8f755e136e75
                                                                                                                                                                                          • Instruction ID: 0ca46e99f7748e65d764bf857fb94d49012049213123ec5be48cde61a4403c37
                                                                                                                                                                                          • Opcode Fuzzy Hash: da19c9fed97bcd314d9f023111a941a2216130a71d8eb69da5dd8f755e136e75
                                                                                                                                                                                          • Instruction Fuzzy Hash: A1D1B076E00209CFDB05CFBCD5957EEBBF2AB89310F158129D441AB356DA3A9C098F51
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 694382c4f794b9772210f21485f290729c168be84abf9fab209b4e8262c0f8a0
                                                                                                                                                                                          • Instruction ID: acdaba85bc9cf9550ff4f19f07dd30e00f2247ee5f4ce7893b0086aa70e47217
                                                                                                                                                                                          • Opcode Fuzzy Hash: 694382c4f794b9772210f21485f290729c168be84abf9fab209b4e8262c0f8a0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8FC13776E046048FCB08CE7CE4A57EE7BF2A789330F254219DC11AB391E67A990DCB51
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: ab6047e0d4c3a9154dd9b58bb340c1b3cf3dbc5c612aa5d9e2178ba840223f26
                                                                                                                                                                                          • Instruction ID: 87777da45767b887df91a5ae421baff25d8b3aad26a8b7ea7106db4194c74e71
                                                                                                                                                                                          • Opcode Fuzzy Hash: ab6047e0d4c3a9154dd9b58bb340c1b3cf3dbc5c612aa5d9e2178ba840223f26
                                                                                                                                                                                          • Instruction Fuzzy Hash: E2C14476A01605CFCB00CE7CD4A47EE7BF6A789320F358216D451AB394DA3EAC099B64
Memory Dump Source
• Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 24ee18a2fdc495b72982d48733a35d5c764e89c91d90615b447f31ffc61f85f3
                                                                                                                                                                                          • Instruction ID: 1941d751e6d222570a923bf2ce8e8d9f7699c746e95131d149b62e0e41f6c318
                                                                                                                                                                                          • Opcode Fuzzy Hash: 24ee18a2fdc495b72982d48733a35d5c764e89c91d90615b447f31ffc61f85f3
                                                                                                                                                                                          • Instruction Fuzzy Hash: D2B12876A54115CFCB08DEBCC4A87EE7BF6AB85320F358519D802AB390D93A9C05DF51
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 8eb269957c21278b94eff9dddcc5a84c45b9c2281ae26ef5609a64fd30f25446
                                                                                                                                                                                          • Instruction ID: 3f7a6396f9d559f84574f50e6df88332520932c41220e3a26a3d0a6693ab0a98
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8eb269957c21278b94eff9dddcc5a84c45b9c2281ae26ef5609a64fd30f25446
                                                                                                                                                                                          • Instruction Fuzzy Hash: D6B12636A122048FCB00CE7CC4A53EE7BE2A785324F258619D915AB3E6C93E9D068F50
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f175fae2ed793398a7ae23e4de8f72ebfe288194520c3320de47d830ed3aa9df
                                                                                                                                                                                          • Instruction ID: aabfd36404e1c0338a3ac45ff457f9140ff94a4c2e74a60e0a90a3afd8841deb
                                                                                                                                                                                          • Opcode Fuzzy Hash: f175fae2ed793398a7ae23e4de8f72ebfe288194520c3320de47d830ed3aa9df
                                                                                                                                                                                          • Instruction Fuzzy Hash: 51B1F376A45204CFCF04CEBCF6956ED7BF2AB89320F249529D442AB354DB3AA805CB54
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 014cc72689a661d0cbb8cd92d5b8a5205a26d5d543dde00cf00ed02ae8ffe98a
                                                                                                                                                                                          • Instruction ID: a4c3eb5b9aa960042d33d3ef81c0e5d88997849a891b61162ac859e2d5e98f59
                                                                                                                                                                                          • Opcode Fuzzy Hash: 014cc72689a661d0cbb8cd92d5b8a5205a26d5d543dde00cf00ed02ae8ffe98a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FA11576E041158FCF04CE7CD9A43EE7BF2EB49320F298315D961AB3A4D63E98099B54
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 21493f10d67c78dc2c2003afe01a88b9d8635700bfb93a9be09667f264daf391
                                                                                                                                                                                          • Instruction ID: db8a3679008dd4de904c2133802372edd8fae575e4e6a17f825d271bcb2b3afe
                                                                                                                                                                                          • Opcode Fuzzy Hash: 21493f10d67c78dc2c2003afe01a88b9d8635700bfb93a9be09667f264daf391
                                                                                                                                                                                          • Instruction Fuzzy Hash: 27A16D76A449018FCF00CE7CC8B43DE7BF2E745322F699216C815AB391DA7E990E9B50
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 4b735c2c45eec929b132d903fd3e20e551c3ff7b90e2c7d29b46b66a9ff71f15
                                                                                                                                                                                          • Instruction ID: d84b6e6b1d12418a6d67bf7e815c1b9f7c819566951469ce52b833a7f051ec4b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b735c2c45eec929b132d903fd3e20e551c3ff7b90e2c7d29b46b66a9ff71f15
                                                                                                                                                                                          • Instruction Fuzzy Hash: 32A14A36B402128FCF04CE7CE9A43DE7BF2A785330F699219C511AB394C63E9D058B50
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
Memory Dump Source
• Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: e1f1e9b3c062e5ed1e34992603ae64d86309db4a193a90c515ccc8f23edde027
                                                                                                                                                                                          • Instruction ID: f6d1d3b8dd387cc7da24056611675af5fc7fe2fee75b3bdf80a4a51a8c9f2370
                                                                                                                                                                                          • Opcode Fuzzy Hash: e1f1e9b3c062e5ed1e34992603ae64d86309db4a193a90c515ccc8f23edde027
                                                                                                                                                                                          • Instruction Fuzzy Hash: CAA11776B00104CFCF04CE7CCA947ED7BE2A789360F29863AC419AB3D4CA3E99059B55
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 70a5c7a39613cc8f11d23f5e2ae97d6c40e12d3f45c1d378dee3470966bdefd4
                                                                                                                                                                                          • Instruction ID: adf0d059a59e89873291a23b08fa652a9ed7e4dbaf77a1df317c675445fa2750
                                                                                                                                                                                          • Opcode Fuzzy Hash: 70a5c7a39613cc8f11d23f5e2ae97d6c40e12d3f45c1d378dee3470966bdefd4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5591E236F44111CFCF048E7CC9A57ED7BF2B78A350F28431AD801AB791DA2D99069B54
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: a184fe5fda1aa1b1f2f87bab028204da397ed49d9a6e314f7183d6abf2ee2078
                                                                                                                                                                                          • Instruction ID: 2370279cce3868bc0561f0ede5d1c4a9aeb63dc146735743630b695e6d1842f3
                                                                                                                                                                                          • Opcode Fuzzy Hash: a184fe5fda1aa1b1f2f87bab028204da397ed49d9a6e314f7183d6abf2ee2078
                                                                                                                                                                                          • Instruction Fuzzy Hash: CB913636B15205CFCF158E7CC9543ED7BF1AB49390F28955AC808AB354DA3E8D06DB64
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 5871f108a3f7fedd27715ab238879e13727184a4357cdbd9626e6f5a5869ced4
                                                                                                                                                                                          • Instruction ID: 4f8c1aa15087e560f2a9925f5b84126ca0b366d0e01a95a6403adeb0e40a0a55
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5871f108a3f7fedd27715ab238879e13727184a4357cdbd9626e6f5a5869ced4
                                                                                                                                                                                          • Instruction Fuzzy Hash: A591D132A04506CFCB08CBBCD5B46ED7BF1AB49311F24812ADC46BB350CA799D09DB59
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: bb34a0923077af9fe8434765fcf9c0f9a471ab4130693acb0225ddf64992a79a
                                                                                                                                                                                          • Instruction ID: 9863d45d648f8d0588335e91c16a720a9b9ee007e33ff635fdc95df2d7c37779
                                                                                                                                                                                          • Opcode Fuzzy Hash: bb34a0923077af9fe8434765fcf9c0f9a471ab4130693acb0225ddf64992a79a
                                                                                                                                                                                          • Instruction Fuzzy Hash: D3A15EB5E003088FCB14DFA8C4856DEBBF6EF89320F258229D814A7391D675AC45CF91
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: da9047b874d603702a0f798f4269126611998cec924dd67bebdc964aadb018a3
                                                                                                                                                                                          • Instruction ID: a70ff11828cc97e6737d7dc9616aba8bc64967d8bd13633a45385a55b7a1917d
                                                                                                                                                                                          • Opcode Fuzzy Hash: da9047b874d603702a0f798f4269126611998cec924dd67bebdc964aadb018a3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B91243AB45145CFCB04CEBCD9542ED7BF2ABCA311F288229D801BB355C77E99069B25
Memory Dump Source
• Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 93ad82606856804cef7f59e50725ea504ac20f485863c368618497d53b7479c5
                                                                                                                                                                                          • Instruction ID: be964e39e009b6b6b13bdcd3d86a965166e4dadf8862b5562dc682964760e632
                                                                                                                                                                                          • Opcode Fuzzy Hash: 93ad82606856804cef7f59e50725ea504ac20f485863c368618497d53b7479c5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 907186B5E01204DFCF00DF7CE4856DE7BF1EB4A324F154269D915AB3A1DA36A905CB82
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: ed0c7c7824a602a0dae7a7e6321ae1e19032c0942642ef299eeffe517e5a69d6
                                                                                                                                                                                          • Instruction ID: 9491c7202ce7d015c74f616794d38876f8aa6bfe22b1a49611d7d56fa5c2829c
                                                                                                                                                                                          • Opcode Fuzzy Hash: ed0c7c7824a602a0dae7a7e6321ae1e19032c0942642ef299eeffe517e5a69d6
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F71D5B5E002049FCB04DF7CD8957DFBBF6EB89320F258229D815A73A1D63A6905CB91
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 3ad71048d21e1c2fdeb6589b3bddbd483de20127b1e9981c8a14c0539395233b
                                                                                                                                                                                          • Instruction ID: ae4eaef7f635b00d7a0c91be5e8723933528728fc654c0baca3c6c471d14bb12
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ad71048d21e1c2fdeb6589b3bddbd483de20127b1e9981c8a14c0539395233b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2671D1B5E002149FCF04DFB8D4957EEBBF1AB8A320F11822AD855AB351D73A5905CF92
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 7e9ef4a3a5a0b10d3399729985a41d06f875bf09fe476dc5573c03485aebe988
                                                                                                                                                                                          • Instruction ID: 950f5673eae12be2183a3c2f4d8ed844079d5b2ab60633785e2e74d2dbe65808
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e9ef4a3a5a0b10d3399729985a41d06f875bf09fe476dc5573c03485aebe988
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7661C276E402158FCB04DFB8D4953EEBBF6EB89320F25822AD85467390D73A5905CF91
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 560cb809185b11e311475289472918c40a73ac51b200b675a6c0dab82ac3e1ed
                                                                                                                                                                                          • Instruction ID: 67e88a790c9b6e519d7273e4c33f1c3d818dd495d0e12d85a99ad1f88226196f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 560cb809185b11e311475289472918c40a73ac51b200b675a6c0dab82ac3e1ed
                                                                                                                                                                                          • Instruction Fuzzy Hash: F661C1B5E142148FCF04DFB8E4957EEBBF2AB89320F11812AD851AB350DA3A5805CF91
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 6ca2b29e67ee2297fc82265316dec0141131303d41c8e20f1b4b60171e24e440
                                                                                                                                                                                          • Instruction ID: c044e711b09e1213f4baaf19c49012d293955dd5b56e34b733a15fc39cefcfc3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ca2b29e67ee2297fc82265316dec0141131303d41c8e20f1b4b60171e24e440
                                                                                                                                                                                          • Instruction Fuzzy Hash: A151C076E002048FCF04DF78D4956EEBBF2EB89360F258229D555A7390DA3A6D09CF51
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 8a4080f80cebe97dc0c935984ad6d8480fa1bc01846cf9c18f6da3c8579cd2c9
                                                                                                                                                                                          • Instruction ID: 6d698b5ee402364b0bc51270072174f0679249282e2a22ccd105f9293ea7cffa
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a4080f80cebe97dc0c935984ad6d8480fa1bc01846cf9c18f6da3c8579cd2c9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F5124B5A012048FDB04CF7CC4947DF7BF2AB89324F248159D811AB391C67A99098F61
Memory Dump Source
• Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 43fafae80f98ee1344590122ca1524dd39fbf1f37886ab928d6a9272b23ec25b
                                                                                                                                                                                          • Instruction ID: 6bd56453dd2a62d8ae855ca9495e6f4580c4b29ffcaef495c7f0cb8e497a15c7
                                                                                                                                                                                          • Opcode Fuzzy Hash: 43fafae80f98ee1344590122ca1524dd39fbf1f37886ab928d6a9272b23ec25b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8851D071E402158FCF04CFB8D4947EEBBF6AB49320F25421AD864A7391D73A9C058F91
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 319aac007eae7636fd0beb0baf6a448dafadcf4626ecf4f647da071eaabfd2c7
                                                                                                                                                                                          • Instruction ID: 9eeca0b5cc698fd5a6879c5393b0a985398ad520ade2d75f52eff574213e0375
                                                                                                                                                                                          • Opcode Fuzzy Hash: 319aac007eae7636fd0beb0baf6a448dafadcf4626ecf4f647da071eaabfd2c7
                                                                                                                                                                                          • Instruction Fuzzy Hash: C451BD75E14619CFCF08CFB8D4947EEBBF6AB49320F25411AD815BB350D63A5905CBA0
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 3c5c21af2b8709ae78313bea92042b43d49a70c9f0d9748d93f43c4543fdb398
                                                                                                                                                                                          • Instruction ID: ddd5699e5d6810e2ef24f215c04544bb42822dbba6408d60137d12cf5799093a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c5c21af2b8709ae78313bea92042b43d49a70c9f0d9748d93f43c4543fdb398
                                                                                                                                                                                          • Instruction Fuzzy Hash: BD51D171E002098FCF04CFB8C4946EEBBF6AB89360F25865AD814B7391DA7A5D05CF91
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 61d989ee6e561574d1004fc930a1aea4271b0d0b07fa634e661d0fdc715e7b28
                                                                                                                                                                                          • Instruction ID: b1b99ca1a798e21379cb4f31479bdbc8d7d34548374921a127e8c55ad01285e4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 61d989ee6e561574d1004fc930a1aea4271b0d0b07fa634e661d0fdc715e7b28
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5751C2B6E006159FCF00CFBCE4947DE7BF5AB49324F254166E814EB360D63AA9058F91
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: cf6e2c58d080cf7402b237e39cc5649879b576c9ebd40dab6168f7f94d81ef88
                                                                                                                                                                                          • Instruction ID: 23124b092ec472037d36b073ff24cc790a29c7132e32791ef473a6a3333cd688
                                                                                                                                                                                          • Opcode Fuzzy Hash: cf6e2c58d080cf7402b237e39cc5649879b576c9ebd40dab6168f7f94d81ef88
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2251F176E002158FCF04CFB8C8997DEBBF1EB49321F254629D814AB390D67A9909CF90
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 5d7c382834639a313fa4838b3205d6a9de09653fd1aea8888ab90ccc73479bf2
                                                                                                                                                                                          • Instruction ID: 222ba3441853d3d2e4833cabd3b79c49743974b130f71e278146978384527d33
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d7c382834639a313fa4838b3205d6a9de09653fd1aea8888ab90ccc73479bf2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C51C4B6E041148FCB04DF7CC5957DEBBF6EB89720F15821AD514B7391CA3A6904CB91
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: c2ad27758c33823445c437e23d98e1b59fd8331ef1b258857da9e7e6a1e14903
                                                                                                                                                                                          • Instruction ID: edd79f947255d5a5d79c57e7f58d7ac3eaac5a98f691691cecec11de9b350ff9
                                                                                                                                                                                          • Opcode Fuzzy Hash: c2ad27758c33823445c437e23d98e1b59fd8331ef1b258857da9e7e6a1e14903
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8151C476E112158FCF04CF7CE4946DEBBF6EB89320F25821AD824A7390D63A5905CF91
Memory Dump Source
• Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
• Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 7a7d40361ba363fbf262f25ef20a26995af344d5303d5ebd767002faeb4963dc
                                                                                                                                                                                          • Instruction ID: 7400240dbbf51eaa42bdcd049422e9b3addfa3a5574403afe6466c96ac684b7a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a7d40361ba363fbf262f25ef20a26995af344d5303d5ebd767002faeb4963dc
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9651D576E002198FDF00CF7CD8956EE7BF6EB89330F294319D5216B3A0D63A69058B91
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: bf66b56a1fc79051336c2b85a156928eeb23d99dd7c2289a622379fd91df42c6
                                                                                                                                                                                          • Instruction ID: c93abc5ae3bf02ed0bbcc85f69dd887035214f9d67195be5b4de5319343380c8
                                                                                                                                                                                          • Opcode Fuzzy Hash: bf66b56a1fc79051336c2b85a156928eeb23d99dd7c2289a622379fd91df42c6
                                                                                                                                                                                          • Instruction Fuzzy Hash: EE51C5B6E001158FDB04CF7CD9956EF7BF6EB49720F254219C8627B3A0D63B69048B91
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 3f18e304039870685206517f3d14b71c51ad8a118faa9d2ffbff4a37132b3d45
                                                                                                                                                                                          • Instruction ID: 96d28f8d614c664bc3c057b5d79f1c5e120e7861515a22ea39c61614599dfe19
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f18e304039870685206517f3d14b71c51ad8a118faa9d2ffbff4a37132b3d45
                                                                                                                                                                                          • Instruction Fuzzy Hash: B951D4B6E002148FDF04CFB8D4A97EF7BF2EB49720F254619D82167390D63A59048F91
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 3f32cea9fa1a6ab77630ae542f2cd97b779fc0f606ffb3b3059302cdc408ee95
                                                                                                                                                                                          • Instruction ID: 82e9cb52113a3059adf7da8eca462c8f77118a61de46a10f767f06398296221c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f32cea9fa1a6ab77630ae542f2cd97b779fc0f606ffb3b3059302cdc408ee95
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F5106B6E402088FDB04EFBCC4947EEBBF2EB89320F254529D915A7390D63A5905CF95
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 4471131839b36b756f7513c9a49f1ceb5ebba3db8cb3263e6a94e964af8701b1
                                                                                                                                                                                          • Instruction ID: 72f01af3132d266172dda2f7800e3e81ddfc0a7c0b258d52af686d4084d2741a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4471131839b36b756f7513c9a49f1ceb5ebba3db8cb3263e6a94e964af8701b1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3551D2B6E002148FCB04CF7CC4847DEBBF2AB49324F154219D865BB3A0D67AAA058F91
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 53898d55cbd483ea95219abd6856e04c3d2766d13489b16bb2df54086f4c9142
                                                                                                                                                                                          • Instruction ID: a56a5c10f40d421d963d61c5abca1dfede517081be2aa7859de18fd92a286010
                                                                                                                                                                                          • Opcode Fuzzy Hash: 53898d55cbd483ea95219abd6856e04c3d2766d13489b16bb2df54086f4c9142
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6751E375A102049FDF00CF7CC5947EE7BF6EBC9360F258219D458A7391C63A59098FA2
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: cdfe48fd203a74ee54b4b8707ac9f418457ff284d59bcd24b67ba6d135a25b95
                                                                                                                                                                                          • Instruction ID: bc22cdb2c1ba32b58a5d694804895a014e2c371eec34f26faf0f4d46219d2e96
                                                                                                                                                                                          • Opcode Fuzzy Hash: cdfe48fd203a74ee54b4b8707ac9f418457ff284d59bcd24b67ba6d135a25b95
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9051E372E005058FCF04DF7CC4A57EEBBF6AB8A320F258619D515AB390D63A99058F91
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 31a641812ea7442f274a4589c895f05b84553931422c0dfc0bf2d7cc35b0e56d
                                                                                                                                                                                          • Instruction ID: 8a2b7bf713daeed6ca853f4b2baa16b17051be9fbab11917fbb10787068bc7dd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 31a641812ea7442f274a4589c895f05b84553931422c0dfc0bf2d7cc35b0e56d
                                                                                                                                                                                          • Instruction Fuzzy Hash: A0418937F852158FCB009B7CC8A53EE7BF5AB15331F16421AD820A73D1C62B590A8B90
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 8562bc306789d5fde794b894dbfe9fccc84b9c68d88539ead4b80fd7de58bcd2
                                                                                                                                                                                          • Instruction ID: 768f37246c03b625f6da375027afd26168597414330205468f100f20e2f58707
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8562bc306789d5fde794b894dbfe9fccc84b9c68d88539ead4b80fd7de58bcd2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 03412572E016158FCB04CA7CC8947EF7BFAAB49360F250229D465AB3E1C72B6D059F91
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: cfc0dba2261c8aabf7feb8deee62769581e0d59d682334e40e0ebd2bed5737d2
                                                                                                                                                                                          • Instruction ID: ef26929a2b93ed4d5043097ad91d159cec7f494072f35598b55b8c1e9c87283b
                                                                                                                                                                                          • Opcode Fuzzy Hash: cfc0dba2261c8aabf7feb8deee62769581e0d59d682334e40e0ebd2bed5737d2
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8E415976A002168FCF05CF7CD8A53EE7BF2AB46330F154219C825A73C1C92E1906CB50
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 3e5e4d93836fe68021b86c1a3437f3ef41d1fe128f0bb42b97127c2f6576ebf1
                                                                                                                                                                                          • Instruction ID: 6cfbe81804167774ab701acd040e374b76a202473921a1fada343849287383cb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e5e4d93836fe68021b86c1a3437f3ef41d1fe128f0bb42b97127c2f6576ebf1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 38410376E002198FCF04CA7CC8957EE7BF6A749360F25831AD825A73E1D66A5D04CBA0
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 56f114cf8010bef988427bf7f4e73579558051ee079cd40f5727c7574cfadb9c
                                                                                                                                                                                          • Instruction ID: d8e0daed65456e853698dee606fd0411e19ec05767980f29c0f319430087ae13
                                                                                                                                                                                          • Opcode Fuzzy Hash: 56f114cf8010bef988427bf7f4e73579558051ee079cd40f5727c7574cfadb9c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 86414776E002198FEF018F7CD9917EF7BF1A749320F150269D810A7392D62B9D098BA1
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 7b4e63f5c8c8e657a3e0cc14a59ab748c921727376239ef35d722158f58994e5
                                                                                                                                                                                          • Instruction ID: 784717c0ae4b52b56a840bdc1017c43b6d64b43ad752671a94bc558e93629e63
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b4e63f5c8c8e657a3e0cc14a59ab748c921727376239ef35d722158f58994e5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3841D376B512158FCB00CE7CC8947EF7BE6A78A330F254316C925A73E5DA3B59098B90
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 23053ae728346f61cbd4cf995c8dac981f7a0dd7f4c51f9628ad68ba0b96a53b
                                                                                                                                                                                          • Instruction ID: b5b5a1430ce928095f7270d18ddacae8f77d6824d4b3cfab957b070d96a9a8b8
                                                                                                                                                                                          • Opcode Fuzzy Hash: 23053ae728346f61cbd4cf995c8dac981f7a0dd7f4c51f9628ad68ba0b96a53b
                                                                                                                                                                                          • Instruction Fuzzy Hash: C8417876E006148FDF00CE7CD4957EE7BF2AB493A1F15421AC811A73A1CA3F5A0A8F90
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: a37598d6f48f81cb0342a026b0962e845df36c15a6d4301d283acb59ea0840e0
                                                                                                                                                                                          • Instruction ID: 3ba0a7892186a9960b23ca99d26edcd204222d4f2ba7340dc8db8f049d15c8f5
                                                                                                                                                                                          • Opcode Fuzzy Hash: a37598d6f48f81cb0342a026b0962e845df36c15a6d4301d283acb59ea0840e0
                                                                                                                                                                                          • Instruction Fuzzy Hash: FA4159B6A005158FCB00CE7CC8953EF7BF5A7D6321F15461AD914873A2D66F89098BA0
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: d92a2ce50a675420eebc75c4369292e6a29d31d1fd133ee624e2aae004f17bfd
                                                                                                                                                                                          • Instruction ID: e4786f4ab70124f10d632fbefa22ffa86804d58a7b557616a9e277ce2daf80a3
                                                                                                                                                                                          • Opcode Fuzzy Hash: d92a2ce50a675420eebc75c4369292e6a29d31d1fd133ee624e2aae004f17bfd
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D415A76F556058FDB088E7CC4A53EF7BF6AB89320F254529C4119B3A1DB3E5809CB90
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 486a50f274f6f463a33ca16dabb6fc912b35dac8f799ab5f269cf3cce4da143d
                                                                                                                                                                                          • Instruction ID: 9c001092b5757e18858c062b37fd8862689f9892837bd3b6e4954897d4ca86b4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 486a50f274f6f463a33ca16dabb6fc912b35dac8f799ab5f269cf3cce4da143d
                                                                                                                                                                                          • Instruction Fuzzy Hash: AE41F476B006158FDF008A7CD8E47EF7BE6A749330F254319D6619B3E0D63E99098B90
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 4fc4db01413d3b91338ae2bf572445ec42a33a029a1b2380b4d63d6be542765c
                                                                                                                                                                                          • Instruction ID: 3d909c97d93332f161eb52d40002b2bc244e8084c3fa94ef6eb10d9991e57205
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4fc4db01413d3b91338ae2bf572445ec42a33a029a1b2380b4d63d6be542765c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 52412676E402158FCF008E7CD8A57EF7BF6AB45324F254726D922D7791CA2E58058B90
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: ecf642c20023d53712b8a57cdedb1d720f4a85bba4c31efffc515c1ccb9bb8a0
                                                                                                                                                                                          • Instruction ID: 6505bbf7cb5a1a578e486054195ff595275f70176f1db54ac2ed8678da136bdc
                                                                                                                                                                                          • Opcode Fuzzy Hash: ecf642c20023d53712b8a57cdedb1d720f4a85bba4c31efffc515c1ccb9bb8a0
                                                                                                                                                                                          • Instruction Fuzzy Hash: 89410876A415058FDB04CE7CC4A57EFBBF6A78A320F25411AC922AB390CA3B58058F91
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 0653fc4e70e593570ed190162c6a4c03019c48662c34abab16c77a068bcea97d
                                                                                                                                                                                          • Instruction ID: 4bbf82765eca3432bb930cfb15da90ff99b22f95d83ff24945320ea778fb5b47
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0653fc4e70e593570ed190162c6a4c03019c48662c34abab16c77a068bcea97d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D410676E006158FCB00CE7CC9857DE77F2AB89761F15831AD825AB3E4CA6F5A098B50
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 587625e9e6b72bdb80194b23f4f5dbec2f508c7db00ae312905b3de6352489f5
                                                                                                                                                                                          • Instruction ID: b49496e34d89d82f4032d34bf5280dbbb00e9c18c56a6cbad27b0c020b122ae2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 587625e9e6b72bdb80194b23f4f5dbec2f508c7db00ae312905b3de6352489f5
                                                                                                                                                                                          • Instruction Fuzzy Hash: A941E676E002058FCF04CE7CC4947EF7BF2AB89760F168659D529A7390C72B59098F61
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 4f6b1df1156e7ecfe337b93eb9bd3afa2211c103bf6852276988eb573e2ddfa4
                                                                                                                                                                                          • Instruction ID: 21dd409203ed35f8756bf7c134dab1214ba569e1c5c022976fd39a6faee0414c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f6b1df1156e7ecfe337b93eb9bd3afa2211c103bf6852276988eb573e2ddfa4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 59414C76E445058FCB04DE7CC4947EF77F2AB8A334F25421AC421A73E0C67A59098F90
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: c5e6afb07bec44b0e11d41cc816d34ea4c41ddbbc663f138453dee7eac4c05a1
                                                                                                                                                                                          • Instruction ID: 7e52e27631de2ca79e50fb5cde1f25d1500bc6b1e9fd3fcfb52331b37680a346
                                                                                                                                                                                          • Opcode Fuzzy Hash: c5e6afb07bec44b0e11d41cc816d34ea4c41ddbbc663f138453dee7eac4c05a1
                                                                                                                                                                                          • Instruction Fuzzy Hash: D241477AE801258FCB04DE7CD8943FE7BF6AB45324F25421AC925AB790C72F5D098B94
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 452d576a1a2601ea715410de6d5f741ba99abbe1c6aef3c2867aa14d9af18b32
                                                                                                                                                                                          • Instruction ID: 78b04d78c7fd03afbd83eb099a2102afd6e92b7b16a776310e865448538902d9
                                                                                                                                                                                          • Opcode Fuzzy Hash: 452d576a1a2601ea715410de6d5f741ba99abbe1c6aef3c2867aa14d9af18b32
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B411876E051158FCF00CE7CD595BEEB7F2AB89320F164219D524AB3A0C63B9D0A8F60
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 27c139aa6a1242006d5a17fcec40d5b061aacd530c67e85be0de4b3e7bad4cf3
                                                                                                                                                                                          • Instruction ID: 4f98b196efbb14524676f89556593687002ab9f42a0f284fd2e4870e5433283d
                                                                                                                                                                                          • Opcode Fuzzy Hash: 27c139aa6a1242006d5a17fcec40d5b061aacd530c67e85be0de4b3e7bad4cf3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A41E076E402598FDB00DE7CC8947EE7BF2A789320F264619D814A77E1C63B5E098B91
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 16de0cd27dfe2c62d43e080def69c24ea8dabeaa5c291daa579af1ecc036993c
                                                                                                                                                                                          • Instruction ID: dcebb7dcd610a905b2757699c9351b41618cff155ef94d5038e4e27916c7e125
                                                                                                                                                                                          • Opcode Fuzzy Hash: 16de0cd27dfe2c62d43e080def69c24ea8dabeaa5c291daa579af1ecc036993c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8641F676E046158FCF00CE7CD4957DE7BF2AB89320F15421AC565AB3D1C63B5A098F60
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 40e8eaf99494b57b34fc90b9846c225bb3f7680c87a36df726bd6c3d0dfc03fd
                                                                                                                                                                                          • Instruction ID: 4bb8b7c224969376079bc9df67a3b0c8ee92a68b9f82d9702aef0706b0e7ec4c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 40e8eaf99494b57b34fc90b9846c225bb3f7680c87a36df726bd6c3d0dfc03fd
                                                                                                                                                                                          • Instruction Fuzzy Hash: C7410376E002158FCB028E7CD4A57EE7BF2A78A720F15031AD925AB3D0C62F5909DB94
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 5d1734c58e8c31d26b7bb73a080d616de4287b3cb59ae2f41d39b6560b9471d9
                                                                                                                                                                                          • Instruction ID: 80ea65a91b5f6a9cee1b45532e87a94f39bfb6d62aa02c7834c61561c27a6953
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d1734c58e8c31d26b7bb73a080d616de4287b3cb59ae2f41d39b6560b9471d9
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6341C276B012159FCF00CE7CE5847EE7BF1A75A324F15421AD821AB3E1D62B59098FA1
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 10345f77ec7a828e8f0d8b44ac6b93a55bc2e64b985cdc5d29837673ff28dc39
                                                                                                                                                                                          • Instruction ID: 902fe69a8df60efa646d1fad276e5ec37e8cd3758710ff2a017fd27194647d97
                                                                                                                                                                                          • Opcode Fuzzy Hash: 10345f77ec7a828e8f0d8b44ac6b93a55bc2e64b985cdc5d29837673ff28dc39
                                                                                                                                                                                          • Instruction Fuzzy Hash: C741E276E011158FCB14CE7CD4947EE7BF2A78A324F154319D822AB790D63A9E098FA1
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: b13aecab138ca66721ba8f73d3e2cef7758bf885b14adc5fee3289c8f01d5e33
                                                                                                                                                                                          • Instruction ID: ab6a7304f1037821cee3597d6e33f34161b1c0801a92d6bf649adb8ed0801df2
                                                                                                                                                                                          • Opcode Fuzzy Hash: b13aecab138ca66721ba8f73d3e2cef7758bf885b14adc5fee3289c8f01d5e33
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3141D676E001198BCB04CE7CC5A47EEBBF6A749330F25421ACA25AB3D0CA2B59058F61
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 46fd84d8eeb25dc3093bf185b3321c679f0fb12eebdf9ec16115d0c031c24063
                                                                                                                                                                                          • Instruction ID: c389399a84d03ee6b297eb6112435eebc0daa92845502edca1a3e2e4ff4226a6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 46fd84d8eeb25dc3093bf185b3321c679f0fb12eebdf9ec16115d0c031c24063
                                                                                                                                                                                          • Instruction Fuzzy Hash: 30412676E042158FDB04CE7CC4947EE7BF2AB8A325F55432AD821A73E1C63B59098B90
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 0703a6971359e65ae83d6fa04bab978a454e7c39085cf5e554b81746b763d1cb
                                                                                                                                                                                          • Instruction ID: 59075278a13a56200033210fab3f724d9a0209e954f5435bec09f9d3837b52bd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0703a6971359e65ae83d6fa04bab978a454e7c39085cf5e554b81746b763d1cb
                                                                                                                                                                                          • Instruction Fuzzy Hash: BA414872A552158FCB008E7CC8A57EF7BF5E745330F264715D620DB3E2CA2E590A8B94
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 0a9b64ae58320c695fcb10e44711e71ec76256eeaaafe96838dbe80caebde6ea
                                                                                                                                                                                          • Instruction ID: 02d46c1c646ec5f677ff30d6c22bea06f8ed476b913148223ee4254b4ddf939b
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a9b64ae58320c695fcb10e44711e71ec76256eeaaafe96838dbe80caebde6ea
                                                                                                                                                                                          • Instruction Fuzzy Hash: B341E476E402158FDB00CE7CC4947EE7BF2B74A330F25865AD821AB3A0D63A59098B90
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 61c400c23a3924c9ea95859ffad3284f3ce2e314ebc162bd1816831ccd19608a
                                                                                                                                                                                          • Instruction ID: 63717f9e213c0f9c12f9b41a9d6139dbe56e7c59da21d53dfc6f7787429ea728
                                                                                                                                                                                          • Opcode Fuzzy Hash: 61c400c23a3924c9ea95859ffad3284f3ce2e314ebc162bd1816831ccd19608a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 92418A76A481148FDF018E3CC8A57EFBBF2A746330F214219D4119B3D1DA2F68098BA0
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 60a6e2d1cac02f5fd489d4aa105184331e2476945e716cd814c9163f8e79b635
                                                                                                                                                                                          • Instruction ID: 11eea475d82f84f95c72d2969de841b337d68fb31c23ac7d7bfb7879aeb279f0
                                                                                                                                                                                          • Opcode Fuzzy Hash: 60a6e2d1cac02f5fd489d4aa105184331e2476945e716cd814c9163f8e79b635
                                                                                                                                                                                          • Instruction Fuzzy Hash: 81413973A551058FDB00CF7CC8A53EF7BF6EB85321F264619C8169B791CA3E98099B90
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 57627b0f5692ed761220ed418c6432d6c92caa370cb0483d30b7f0190f55519f
                                                                                                                                                                                          • Instruction ID: a03126765cd07062aa4a2318c6d317d6d8b0484a00fa1a7bfa009daac8da56f4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 57627b0f5692ed761220ed418c6432d6c92caa370cb0483d30b7f0190f55519f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 21414772A411159FDF00CA7CD8A83EFBBF5A745330F26422AC9559B3E1D62F58098BC1
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 0b7c728c944ed4de636fe4bafe7d719c0b6733dce4016e249cc9524838a35d2d
                                                                                                                                                                                          • Instruction ID: 8ff1302cd5632dc6105f1724e82bd63ae447b638a83e7b9d49c2f216deac33cb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b7c728c944ed4de636fe4bafe7d719c0b6733dce4016e249cc9524838a35d2d
                                                                                                                                                                                          • Instruction Fuzzy Hash: A8419736A181268FCF048ABCD8917EF7BF2E785730F154619D860973E1D22F9909CB90
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 754951b95d88219bbd58f43e81f126e75e8b9394ac7c2d19baf2cfd42e445599
                                                                                                                                                                                          • Instruction ID: 1c9a20b9d14eb2a2090edf32e6e1273cdd330954d480294b189426f8f4a5b9f2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 754951b95d88219bbd58f43e81f126e75e8b9394ac7c2d19baf2cfd42e445599
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D41F8B7E441198BDB008A7CC8957EE7BF2A795364F15432AC920973E1D63F590A8B90
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: eb6d4f4d2871ebf2cbfcc71208226852338ac771cb6a599da5e561f4654302e8
                                                                                                                                                                                          • Instruction ID: a6eb97fc2c0082b4b207b61fb4042b248065b2853612f87e859a67d3a2ea073d
                                                                                                                                                                                          • Opcode Fuzzy Hash: eb6d4f4d2871ebf2cbfcc71208226852338ac771cb6a599da5e561f4654302e8
                                                                                                                                                                                          • Instruction Fuzzy Hash: AF414677B441198FDF048A7CC8913EF7BF2A749731F25461AD821A73E2C62F59099BA0
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: da0a724bff4e2026c9ce423a90a862b3acf7a8d293e696aeac4b92aa9c427908
                                                                                                                                                                                          • Instruction ID: 2ecc65c8c9ec9f9ce5c696c378d0608cb1e3cc366e6f1cef8e6dadf6b3c1eeb5
                                                                                                                                                                                          • Opcode Fuzzy Hash: da0a724bff4e2026c9ce423a90a862b3acf7a8d293e696aeac4b92aa9c427908
                                                                                                                                                                                          • Instruction Fuzzy Hash: 55416A76E041158FCF408E7CC8A43EF7BF2AB45331F25022AC965A73D1DA6E980D8B91
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: c75874df81298d85f6571d4deee3da09c37a47a3a54eeb309767e7b32efa8da2
                                                                                                                                                                                          • Instruction ID: 53d7aa5986cdb1f51a3b115791676b81b7b251ae70c9aa5bb62f2ce5ac489fd5
                                                                                                                                                                                          • Opcode Fuzzy Hash: c75874df81298d85f6571d4deee3da09c37a47a3a54eeb309767e7b32efa8da2
                                                                                                                                                                                          • Instruction Fuzzy Hash: F641E272A011054FDB048E7CC8957FE77E6E785321F254619D8219B3D1EAAE450D8F91
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • type_info::operator==.LIBVCRUNTIME ref: 007BEE73
                                                                                                                                                                                          • ___TypeMatch.LIBVCRUNTIME ref: 007BEF81
                                                                                                                                                                                          • CatchIt.LIBVCRUNTIME ref: 007BEFD2
                                                                                                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 007BF0D3
                                                                                                                                                                                          • CallUnexpected.LIBVCRUNTIME ref: 007BF0EE
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                          • String ID: csm$csm$csm${
                                                                                                                                                                                          • API String ID: 4119006552-3283406468
                                                                                                                                                                                          • Opcode ID: 4b53eeea5861a6b85013cac8a74ed39876f2f49d54929b27a3c4154274a75136
                                                                                                                                                                                          • Instruction ID: 3e1a5ac90bebdfb804b2f3448f0f64c5819683133af6b62e6092c8ead14c87cf
                                                                                                                                                                                          • Opcode Fuzzy Hash: 4b53eeea5861a6b85013cac8a74ed39876f2f49d54929b27a3c4154274a75136
                                                                                                                                                                                          • Instruction Fuzzy Hash: A6B15C71800209EFCF25EFA4C885AEEBBB5FF14714F148169E8156B312D739DA61CB92
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __freea$__alloca_probe_16$Info
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 127012223-0
                                                                                                                                                                                          • Opcode ID: 6ddb3528a8a6192bd33272cb66b5cdad427ec7ce3d340a75fd89ea08654cacb6
                                                                                                                                                                                          • Instruction ID: c082854905bdd78d521a20dbacdc8c45102457adcf1cdecd061a22272c5e2bd3
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ddb3528a8a6192bd33272cb66b5cdad427ec7ce3d340a75fd89ea08654cacb6
                                                                                                                                                                                          • Instruction Fuzzy Hash: A471C572A042059BDFA19E648C8AFEF77BA9F55710F28015DEA05B7281EA3DDC40C7A1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 007B8D7A
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 007B8D97
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 007B8DB8
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 007B8E3B
                                                                                                                                                                                          • __Xtime_diff_to_millis2.LIBCPMT ref: 007B8E53
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 007B8E7F
                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 007B8EC5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CurrentThread$Xtime_diff_to_millis2
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1280559528-0
                                                                                                                                                                                          • Opcode ID: 5d157decc13f14d81c37ee1cb929a04d6fce87a3c27799b3ef69d6ed537c9305
                                                                                                                                                                                          • Instruction ID: 5f4bd2103b3519627b86eaaa9053bcf25396d1136e49563b4fcc016a73d92e06
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d157decc13f14d81c37ee1cb929a04d6fce87a3c27799b3ef69d6ed537c9305
                                                                                                                                                                                          • Instruction Fuzzy Hash: E0519E31A00115CFCF60DF24C885AE9B7B9FF58710B21855AE946AB281DF38ED41CF96
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,007BFAA4,007B7CCC,?,00000000,?,?,?,007BF856,00000022,FlsSetValue,007CDBB8,T0},?), ref: 007BFA56
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                          • API String ID: 3664257935-537541572
                                                                                                                                                                                          • Opcode ID: 8f03b26670796d29e807aaa39375fa34d7beb030abe31e5772b5be6a53204a0a
                                                                                                                                                                                          • Instruction ID: 14dd862fbe6db6357c9e61e1e00720a4bab93d487dc78ebbbb26c072881f65be
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f03b26670796d29e807aaa39375fa34d7beb030abe31e5772b5be6a53204a0a
                                                                                                                                                                                          • Instruction Fuzzy Hash: E4210571A01211ABCB25AB349C81B9A7778EF42B70F108235E909E72C1D778EE01C6D1
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,007BE51A,007BA094,007B923F), ref: 007BE531
                                                                                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 007BE53F
                                                                                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007BE558
                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,007BE51A,007BA094,007B923F), ref: 007BE5AA
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          • Associated: 00000000.00000002.1762708912.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762787328.00000000007CC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762807781.00000000007D6000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762825841.00000000007D7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762857426.00000000007DD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          • Associated: 00000000.00000002.1762881125.00000000007E2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_730000_4hQFnbWlj8.jbxd
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3852720340-0
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • C:\Users\user\Desktop\4hQFnbWlj8.exe, xrefs: 007C39B4
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID: C:\Users\user\Desktop\4hQFnbWlj8.exe
                                                                                                                                                                                          • API String ID: 0-547016974
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,8EC73E86,?,?,00000000,007CB8A7,000000FF,?,007BD11F,007BD006,?,007BD1BB,00000000), ref: 007BD093
                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 007BD0A5
                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,00000000,007CB8A7,000000FF,?,007BD11F,007BD006,?,007BD1BB,00000000), ref: 007BD0C7
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,007BF07F,?,?,00000000,00000000,00000000,?), ref: 007BF19E
                                                                                                                                                                                          • CatchIt.LIBVCRUNTIME ref: 007BF284
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CatchEncodePointer
                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                          • API String ID: 1435073870-2084237596
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000008,00000000,00000800,?,007C4C7F,?,00000000,?,?,?,?,007C4AC7,00000000,FlsAlloc,007CE4F0,007CE4F8), ref: 007C4BF0
                                                                                                                                                                                          • GetLastError.KERNEL32(?,007C4C7F,?,00000000,?,?,?,?,007C4AC7,00000000,FlsAlloc,007CE4F0,007CE4F8,?,?,007BE4D1), ref: 007C4BFA
                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000008,00000000,00000000,007D4C88,00000008,007522B7,E49EE01E), ref: 007C4C22
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                          • API String ID: 3177248105-2084034818
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetConsoleOutputCP.KERNEL32(8EC73E86,00000000,00000000,?), ref: 007C55C7
                                                                                                                                                                                            • Part of subcall function 007C4053: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,007C5048,?,00000000,-00000008), ref: 007C40B4
                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 007C5819
                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 007C585F
                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 007C5902
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2112829910-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000000.00000002.1762726116.0000000000731000.00000020.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AdjustPointer
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1740715915-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 007C4053: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,007C5048,?,00000000,-00000008), ref: 007C40B4
                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 007C3460
                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 007C3467
                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?), ref: 007C34A1
                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 007C34A8
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1913693674-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 007C4157
                                                                                                                                                                                            • Part of subcall function 007C4053: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,007C5048,?,00000000,-00000008), ref: 007C40B4
                                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 007C418F
                                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 007C41AF
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 158306478-0
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 0076A691
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                                          • String ID: vector too long
                                                                                                                                                                                          • API String ID: 909987262-2873823879
                                                                                                                                                                                          APIs
                                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 007BE9F6
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ___except_validate_context_record
                                                                                                                                                                                          • String ID: csm$csm
                                                                                                                                                                                          • API String ID: 3493665558-3733052814
                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CommandLine
                                                                                                                                                                                          • String ID: %
                                                                                                                                                                                          • API String ID: 3253501508-2291192146